Malware or redirecting program [Solved]


  • This topic is locked
32 replies to this topic

#16 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • 16 posts

Posted 19 November 2013 - 08:20 AM

Looks to be running good...other instructions?



#17 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 19 November 2013 - 10:30 AM

When you ran OTL the very first time there was a file created named Extras.txt.  Could you post that please?  If you don't have it please do the following....
 
Please open OTL.

  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out)
  • In the Extra Registry section change it to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open 2 notepad windows, OTL.Txt and Extras.txt. Please post the Extras.txt.
----------


 
 

#18 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • 16 posts

Posted 19 November 2013 - 02:13 PM

OTL Log

 

OTL logfile created on: 11/19/2013 3:12:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juanita\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 50.68% Memory free
6.43 Gb Paging File | 4.74 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.32 Gb Total Space | 897.25 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
 
Computer Name: JUANITADAVIS | User Name: Juanita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >
 

 

Extras Log

 

OTL Extras logfile created on: 11/19/2013 3:12:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juanita\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 50.68% Memory free
6.43 Gb Paging File | 4.74 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.32 Gb Total Space | 897.25 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
 
Computer Name: JUANITADAVIS | User Name: Juanita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D484031-14EB-4C9E-830D-1564C8C83943}" = lport=445 | protocol=6 | dir=in | app=system |
"{48CAE653-9609-431B-A9F6-F43D42CC2CE9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4C3576A1-6AC9-4032-835C-4C56618ED6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75D242BE-71BE-48C8-A0C6-4E81EABEE648}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9B17B891-77D9-4DC7-AE61-3686A2E50849}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FBB91E8-845C-43FB-898E-C49999A1F469}" = rport=137 | protocol=17 | dir=out | app=system |
"{AAE7FEA5-88F6-4B6C-A20A-1342A556D7BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{AEA39082-6861-4117-989E-7DDD1C4BC3E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B361B3A2-C0A2-41A3-9945-93F7D6074393}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8D4A4A6-8570-4F6B-98E1-2ECA8367116B}" = rport=139 | protocol=6 | dir=out | app=system |
"{C6008137-38E9-4C94-9156-727F054130B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6FA86BC-BAAE-4E92-9FB2-D72A0DE8AC42}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1C72E79-3DBF-49C7-A5A3-FCCF4945642B}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0435DA49-6C9B-4A4B-9D66-297A303B9C77}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{09477289-D93E-4CFA-AF6A-B03FEC10CFE1}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{2419D5F9-DCF4-4A14-9C34-6C28D03CFF55}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{271D73E4-7F8F-4C5A-8292-4C673F49BA82}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4EC9BA2F-7B79-4C84-A7F7-BD708985D698}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55EC25A2-1957-46A9-8644-0A5D2EDD5165}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9C798235-0D92-4677-A2B1-29425761BA36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A92EB3E4-686C-4B9D-9DC6-8EDC2D99E0A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ADD5056A-C8EB-481A-9EAC-2BE8D4D721DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B21CBFB1-D1C3-46AF-B22D-97FA09C276DB}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CC2CF829-8E4B-4C61-B7B4-2FDCB46FA048}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3B109BA-9EBD-4828-9AB7-5659CC5613FD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FF1891AD-2C59-469C-A64B-526A6693BD58}" = dir=in | app=c:\users\juanita\appdata\local\microsoft\skydrive\skydrive.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{177D00EF-F325-43CB-9036-023A70EEAB61}" = QBSetup
"{2421E8FE-AE35-493A-94F5-66307E006ECF}" = QuickBooks_VC10_Debug
"{286B09BC-F9BD-4F71-B767-2AE0CE2F8CE5}" = ScorpionSaver Services
"{294EA84A-B5AA-4C41-90EF-144A2A7EAA16}" = QuickBooks
"{29DFD408-77A0-405D-A62E-17AA38E9EE6E}" = QuickBooks Enterprise Solutions: Retail Edition 12.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{D39BAE47-1B85-41F6-9348-44E965009B56}" = PC Meter Connect
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avast" = avast! Free Antivirus
"BD561D5D94E7AFC181BE8A098D2EC2B90BD07068" = Windows Driver Package - Pitney Bowes (DM150Drv) USB  (07/04/2010 2.0.1.5)
"CCleaner" = CCleaner
"DYMO Label v.8" = DYMO Label v.8
"Free Window Registry Repair" = Free Window Registry Repair
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"IECT3310511" = SweetPacks Toolbar for IE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WNLT" = IB Updater Service
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{856AD396-519D-4C7A-BED6-6785F64924BC}" = GreatArcadeHits
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/15/2013 1:18:21 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/15/2013 1:18:23 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Got unexpected error
 5 in call to NetShareGetInfo for path \\SERVERHP\Company Files\ar2012.Q
 
Error - 11/15/2013 1:20:10 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
 Retail 12.0": Got unexpected error 5 in call to NetShareGetInfo for path \\SERVERHP\Company
 Files\ar2012.Q
 
Error - 11/15/2013 1:20:12 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
 Retail 12.0": Got unexpected error 5 in call to NetShareGetInfo for path \\SERVERHP\Company
 Files\ar2012.Q
 
Error - 11/15/2013 1:25:07 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/15/2013 1:25:07 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/15/2013 1:25:07 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/15/2013 1:25:52 PM | Computer Name = JuanitaDavis | Source = WinMgmt | ID = 10
Description =
 
Error - 11/15/2013 1:27:36 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions:
 Retail 12.0": Got unexpected error 5 in call to NetShareGetInfo for path \\SERVERHP\Company
 Files\ar2012.Q
 
Error - 11/15/2013 1:27:52 PM | Computer Name = JuanitaDavis | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
[ System Events ]
Error - 11/15/2013 10:18:51 AM | Computer Name = JuanitaDavis | Source = DCOM | ID = 10016
Description =
 
Error - 11/15/2013 10:18:52 AM | Computer Name = JuanitaDavis | Source = DCOM | ID = 10016
Description =
 
Error - 11/15/2013 1:24:07 PM | Computer Name = JuanitaDavis | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:21:30 PM on ?11/?15/?2013 was unexpected.
 
Error - 11/15/2013 1:24:14 PM | Computer Name = JuanitaDavis | Source = BugCheck | ID = 1001
Description =
 
Error - 11/15/2013 1:24:41 PM | Computer Name = JuanitaDavis | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 11/15/2013 1:25:30 PM | Computer Name = JuanitaDavis | Source = DCOM | ID = 10016
Description =
 
Error - 11/15/2013 1:25:32 PM | Computer Name = JuanitaDavis | Source = DCOM | ID = 10016
Description =
 
Error - 11/16/2013 8:43:07 AM | Computer Name = JuanitaDavis | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 11/16/2013 8:43:43 AM | Computer Name = JuanitaDavis | Source = DCOM | ID = 10016
Description =
 
Error - 11/16/2013 8:43:44 AM | Computer Name = JuanitaDavis | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 



#19 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 19 November 2013 - 03:01 PM

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

----------
 

Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 
 

#20 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • 16 posts

Posted 20 November 2013 - 12:48 PM

On Restart I get this message:

 

Microsoft.NET Framework

 

Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

Object reference not set to an instance of an object.

 

AdWare Log

 

# AdwCleaner v3.012 - Report created 20/11/2013 at 12:10:37
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Juanita - JUANITADAVIS
# Running from : C:\Users\Juanita\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\jmdp
Folder Deleted : C:\Windows\system32\WNLT
Folder Deleted : C:\Users\Juanita\AppData\Local\Conduit
Folder Deleted : C:\Users\Juanita\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Juanita\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Deleted : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
File Deleted : C:\END
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\user.js
File Deleted : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFEE9C31-6056-4631-B9BF-246A28B95754}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFEE9C31-6056-4631-B9BF-246A28B95754}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67B180A7-13E0-4BD6-98E7-DD733A39E4B8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67B180A7-13E0-4BD6-98E7-DD733A39E4B8}
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3153924
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\prefs.js ]

Line Deleted : user_pref("CT3153924.FF19Solved", "true");
Line Deleted : user_pref("CT3153924.UserID", "UN39898513432788736");
Line Deleted : user_pref("CT3153924.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3153924.fullUserID", "UN39898513432788736.IN.20131108103855");
Line Deleted : user_pref("CT3153924.installDate", "08/11/2013 10:39:03");
Line Deleted : user_pref("CT3153924.installSessionId", "{103DA1B9-C83E-44F5-8A33-A4EDE0D3A072}");
Line Deleted : user_pref("CT3153924.installSp", "TRUE");
Line Deleted : user_pref("CT3153924.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3153924.keyword", "true");
Line Deleted : user_pref("CT3153924.originalHomepage", "about:home");
Line Deleted : user_pref("CT3153924.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3153924.originalSearchEngine", "");
Line Deleted : user_pref("CT3153924.originalSearchEngineName", "");
Line Deleted : user_pref("CT3153924.searchRevert", "false");
Line Deleted : user_pref("CT3153924.searchUserMode", "2");
Line Deleted : user_pref("CT3153924.smartbar.homepage", "true");
Line Deleted : user_pref("CT3153924.versionFromInstaller", "10.22.2.30");
Line Deleted : user_pref("CT3153924.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&CUI=UN39898513432788736&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ob_128");
Line Deleted : user_pref("extensions.helperbar.installationid", "d6f7ba42-d051-09d5-a953-b09956f39997");
Line Deleted : user_pref("extensions.helperbar.installdate", "08/11/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3153924");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN39898513432788736&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN39898513432788736&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3153924");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3153924");
Line Deleted : user_pref("smartbar.machineId", "DWVTJPVTVYOZ4FT8I46+/VOWCA04UBRMLD3KLVANMMHSZHAE1HGVF9FMSRWCY6HPG5JH8BU4TEPKQ8V2DNRHCW");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R1].txt - [8646 octets] - [20/11/2013 12:10:01]
AdwCleaner[S0].txt - [8665 octets] - [20/11/2013 12:10:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8725 octets] ##########

 

 

ESET Scanner log

 

C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$R6DPM3A.exe    multiple threats
C:\AdwCleaner\Quarantine\C\Windows\system32\ARFC\wrtc.exe.vir    a variant of Win32/Toolbar.Perion.G application
C:\Users\Juanita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\726IDHXI\SweetPacks[1].exe    multiple threats
C:\Users\Juanita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7M0I4GI4\bundlesweetimsetup[1].exe    probably a variant of Win32/SweetIM.C application
C:\Users\Juanita\AppData\Local\Temp\Shortcut_IMsetup.exe    probably a variant of Win32/SweetIM.C application
C:\Users\Juanita\AppData\Local\Temp\tbSwee.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Juanita\AppData\Local\Temp\WSSetup.exe    a variant of Win32/Toolbar.Perion.G application
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_20.dll    Win32/Toolbar.Linkury.D application
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_21.dll    Win32/Toolbar.Linkury.D application
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_22.dll    a variant of Win32/Toolbar.Linkury.D application
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_23.dll    a variant of Win32/Toolbar.Linkury.D application
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_24.dll    a variant of Win32/Toolbar.Linkury.D application
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_25.dll    a variant of Win32/Toolbar.Linkury.D application
C:\Users\Juanita\Downloads\cbsidlm-cbsi134-Free_Window_Registry_Repair-SEO-10606555.exe    probably a variant of Win32/CNETInstaller.A application
C:\Users\Juanita\Downloads\cbsidlm-cbsi134-Revo_Uninstaller-SEO-10687648.exe    probably a variant of Win32/CNETInstaller.A application
C:\Users\Juanita\Downloads\Firefox_Setup.exe    a variant of Win32/AdWare.iBryte.I.gen application
C:\Users\Juanita\Downloads\printkeypro-setup.exe    Win32/DownloadAdmin.G application
C:\_OTL\MovedFiles\11152013_091532\C_Program Files\SearchProtect\ffprotect\application.js    Win32/Conduit.SearchProtect.A application

 

 

Malwarebytes Log

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
Juanita :: JUANITADAVIS [administrator]

11/20/2013 12:14:02 PM
Malwarebytes Log 20NOV2013.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196442
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Juanita\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 21
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$R6DPM3A.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RA4VSM3.exe (PUP.Optional.Conduit) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RC196FC.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RMPOWKO.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$ROD9MC5.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RWJZFJ2.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Juanita\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Juanita\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Juanita\AppData\Local\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Juanita\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Juanita\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Juanita\AppData\Local\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Users\Juanita\Downloads\Firefox_Setup.exe (PUP.Optional.iBryte) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\2E8KIK3I\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\726IDHXI\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\726IDHXI\SweetPacks[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\7M0I4GI4\bundlesweetimsetup[1].exe (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\7M0I4GI4\checktbexist[1].exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\8BCIZZLQ\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\8BCIZZLQ\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\8BCIZZLQ\SweetPacks[1].exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

 



#21 morrisoncredit


Posted 20 November 2013 - 12:56 PM

Details on Microsoft .NET Error

 

 

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
   at QBWebConnector.RegistryManager.anyAppScheduled()
   at QBWebConnector.ScheduleManager.Scheduler_Tick(Object sender, EventArgs e)
   at QBWebConnector.EventManager.OnClockTicked(Object sender)
   at QBWebConnector.QBWebConnector.Clock_Ticked(Object sender, EventArgs args)
   at System.Windows.Forms.Timer.OnTick(EventArgs e)
   at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

 

 

************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18052 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
QBWebConnector
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/QBWebConnector.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18047 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18021 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18044 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
QBWCUtil
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/QBWCUtil.DLL
----------------------------------------
QBWCCommon
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Windows/assembly/GAC_32/QBWCCommon/2.1.0.27__82cc56431f1a971d/QBWCCommon.dll
----------------------------------------
System.Runtime.Remoting
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.17929 built by: FX45RTMREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Remoting/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18060 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18060 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
QBWCInterfaces
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Windows/assembly/GAC/QBWCInterfaces/2.1.0.27__82cc56431f1a971d/QBWCInterfaces.dll
----------------------------------------
Interop.QBXMLRP2
    Assembly Version: 8.0.1.104
    Win32 Version: 8.0.1.104
    CodeBase: file:///C:/Windows/assembly/GAC/Interop.QBXMLRP2/8.0.1.104__31d8aec643e18259/Interop.QBXMLRP2.dll
----------------------------------------
Syncfusion.Grid.Windows
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Grid.Windows.DLL
----------------------------------------
Syncfusion.Shared.Base
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Shared.Base.DLL
----------------------------------------
Syncfusion.Core
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Core.DLL
----------------------------------------
Syncfusion.Grid.Base
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Grid.Base.DLL
----------------------------------------
Syncfusion.Shared.Windows
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Shared.Windows.DLL
----------------------------------------

 

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.



#22 jeffce


Posted 20 November 2013 - 01:56 PM

Run a new scan with Malwarebytes and this time remove everything found.  Post the new log.

 

Also let me know if you continue getting that error message.  :)


 
 

#23 morrisoncredit


Posted 20 November 2013 - 02:19 PM

Still get the error message on startup

 

Details:

 

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
   at QBWebConnector.RegistryManager.anyAppScheduled()
   at QBWebConnector.ScheduleManager.Scheduler_Tick(Object sender, EventArgs e)
   at QBWebConnector.EventManager.OnClockTicked(Object sender)
   at QBWebConnector.QBWebConnector.Clock_Ticked(Object sender, EventArgs args)
   at System.Windows.Forms.Timer.OnTick(EventArgs e)
   at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18052 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
QBWebConnector
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/QBWebConnector.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18047 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18021 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18044 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
QBWCUtil
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/QBWCUtil.DLL
----------------------------------------
QBWCCommon
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Windows/assembly/GAC_32/QBWCCommon/2.1.0.27__82cc56431f1a971d/QBWCCommon.dll
----------------------------------------
System.Runtime.Remoting
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.17929 built by: FX45RTMREL
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Runtime.Remoting/v4.0_4.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18060 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.0.30319.18060 built by: FX45RTMGDR
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
QBWCInterfaces
    Assembly Version: 2.1.0.27
    Win32 Version: 2.1.0.27
    CodeBase: file:///C:/Windows/assembly/GAC/QBWCInterfaces/2.1.0.27__82cc56431f1a971d/QBWCInterfaces.dll
----------------------------------------
Interop.QBXMLRP2
    Assembly Version: 8.0.1.104
    Win32 Version: 8.0.1.104
    CodeBase: file:///C:/Windows/assembly/GAC/Interop.QBXMLRP2/8.0.1.104__31d8aec643e18259/Interop.QBXMLRP2.dll
----------------------------------------
Syncfusion.Grid.Windows
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Grid.Windows.DLL
----------------------------------------
Syncfusion.Shared.Base
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Shared.Base.DLL
----------------------------------------
Syncfusion.Core
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Core.DLL
----------------------------------------
Syncfusion.Grid.Base
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Grid.Base.DLL
----------------------------------------
Syncfusion.Shared.Windows
    Assembly Version: 6.402.0.15
    Win32 Version: 6.402.0.15
    CodeBase: file:///C:/Program%20Files/Common%20Files/Intuit/QuickBooks/QBWebConnector/Syncfusion.Shared.Windows.DLL
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.


Malwarebytes log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Juanita :: JUANITADAVIS [administrator]

11/20/2013 3:06:12 PM
mbam-log-2013-11-20 (15-06-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198035
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Juanita\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 21
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$R6DPM3A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RA4VSM3.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RC196FC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RMPOWKO.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$ROD9MC5.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$RWJZFJ2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Juanita\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Juanita\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Juanita\AppData\Local\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Juanita\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Juanita\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Juanita\AppData\Local\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Users\Juanita\Downloads\Firefox_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\2E8KIK3I\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\726IDHXI\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\726IDHXI\SweetPacks[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\7M0I4GI4\bundlesweetimsetup[1].exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\7M0I4GI4\checktbexist[1].exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\8BCIZZLQ\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\8BCIZZLQ\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Juanita\Local Settings\Temporary Internet Files\Content.IE5\8BCIZZLQ\SweetPacks[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 



#24 jeffce


Posted 21 November 2013 - 06:48 AM

 
Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
     
    :Services
     
    :Files
    C:\$Recycle.Bin\S-1-5-21-2632463149-1244691494-2563405335-1000\$R6DPM3A.exe    
    C:\Users\Juanita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\726IDHXI\SweetPacks[1].exe    
    C:\Users\Juanita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7M0I4GI4\bundlesweetimsetup[1].exe    
    C:\Users\Juanita\AppData\Local\Temp\Shortcut_IMsetup.exe    
    C:\Users\Juanita\AppData\Local\Temp\tbSwee.dll    
    C:\Users\Juanita\AppData\Local\Temp\WSSetup.exe    
    C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_20.dll   
    C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_21.dll    
    C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_22.dll    
    C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_23.dll    
    C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_24.dll    
    C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_25.dll    
    C:\Users\Juanita\Downloads\cbsidlm-cbsi134-Free_Window_Registry_Repair-SEO-10606555.exe    
    C:\Users\Juanita\Downloads\cbsidlm-cbsi134-Revo_Uninstaller-SEO-10687648.exe    
    C:\Users\Juanita\Downloads\Firefox_Setup.exe    
    C:\Users\Juanita\Downloads\printkeypro-setup.exe    
     
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Post the new OTL log and also, if you can, take a screenshot of the error message you are receiving.   :)


 
 

#25 morrisoncredit


Posted 21 November 2013 - 09:29 AM

OTL Log

 

OTL logfile created on: 11/21/2013 9:31:34 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juanita\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 62.58% Memory free
6.43 Gb Paging File | 5.18 Gb Available in Paging File | 80.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.32 Gb Total Space | 897.20 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
 
Computer Name: JUANITADAVIS | User Name: Juanita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Juanita\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe (Pitney Bowes, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ab2cffcdd67b751142b312499326e000\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\77fecc71de35ed9e6b3bb2e5f0f48b5b\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\804e0dbc098fa0734634d46e5f8312dc\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\07b63f53bc1ffffbd9c81274cc9ff1b3\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8dc29cf1aaf77414ae2e4600ae3f341c\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\73169468bf0213a80f207cdb559d63be\Microsoft.Office.Tools.Outlook.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e8d32902b990ed0ba0223046e31e60ce\Microsoft.Office.Tools.Common.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\352bfaa89ea0d99eb89cbcba0034810e\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f2e9a40e566995e1fd1aa8e50553d319\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ade52a97ed742e1f90593339b30d18a3\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c48d02c3c08fa60f99d7180aa6e73ac3\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\70c5471a8cac001fc664a578b1f0afa4\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a99da7bda9f4621371bfcf875a174e3d\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ebef66857ffef9d24ddfcdbff3cd7f75\Microsoft.Office.Tools.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\352f2fe4f7ab5499e2dcd40e29687b03\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e89e99481fe173180e85c49f97e01f93\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\35a6b66e089f9164215c96127a0c6276\System.AddIn.Contract.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\8b5820f1ec9218f4d824680844cef0aa\System.AddIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Users\Juanita\AppData\Local\assembly\dl3\VVQ8OP0G.V6E\V5TKCY3Z.6O7\bada7a79\0040cfca_6e19ce01\DYMO.Common.DLL ()
MOD - C:\Users\Juanita\AppData\Local\assembly\dl3\VVQ8OP0G.V6E\V5TKCY3Z.6O7\b348ebc0\00c499fb_8f57cc01\Outlook07DymoAddIn.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll ()
MOD - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\K700.Common\1.0.3.0__089a49f3bff26a22\K700.Common.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\BackupLib.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\zlib1.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (DymoPnpService) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (DM150Drv) -- C:\Windows\System32\drivers\DM150Drv.sys (Pitney Bowes)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.newzjunky.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "www.newzjunky.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7Bd6f7ba42-d051-09d5-a953-b09956f39997%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/08 10:35:55 | 000,000,000 | ---D | M]
 
[2013/11/08 10:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Extensions
[2013/11/15 09:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions
[2013/11/08 10:42:41 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}
[2013/11/20 10:38:38 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\ScorpionSaver@jetpack
[2013/11/16 09:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/16 09:57:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/08 10:35:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: avast! Online Security = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2013/11/15 09:16:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PC Meter Connect] C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe (Pitney Bowes, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F81692250FCFE3793935712636237452] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFB6D8AE-FD45-42A8-B2C8-C9871D11B4AC}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/20 14:02:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/11/20 14:02:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013/11/20 14:02:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/11/20 14:02:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013/11/20 14:02:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013/11/20 14:02:10 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys
[2013/11/20 14:02:04 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013/11/20 14:02:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/11/20 14:02:04 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013/11/20 14:02:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013/11/20 14:02:04 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013/11/20 14:02:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013/11/20 14:02:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/11/20 14:02:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013/11/20 14:02:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013/11/20 14:02:03 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013/11/20 14:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/11/20 14:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/11/20 14:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/11/20 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/11/20 14:00:28 | 000,000,000 | ---D | C] -- C:\Intel
[2013/11/20 13:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/11/20 13:49:58 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/20 13:49:58 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/20 13:49:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/20 13:49:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/20 13:49:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/20 13:49:58 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/20 13:49:57 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/20 13:49:57 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/20 13:49:57 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/20 13:49:57 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/20 13:49:57 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/20 13:49:57 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/20 13:49:57 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/20 13:49:57 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/20 13:49:57 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/20 13:49:57 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/20 13:49:57 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/20 13:49:57 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/20 13:49:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/20 13:49:57 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/20 13:49:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/20 13:49:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/20 13:49:57 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/20 13:49:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/20 13:49:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/20 13:49:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/20 13:49:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/20 13:49:56 | 004,240,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/20 13:49:56 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/20 13:49:56 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/20 13:49:56 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/20 13:49:56 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/20 13:49:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/20 13:49:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/20 13:49:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/20 13:49:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/20 13:49:56 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/20 13:49:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/20 13:49:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/20 13:49:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/20 13:49:56 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/20 13:49:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/20 13:49:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/20 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/11/20 13:44:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/11/20 13:44:28 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/11/20 13:44:27 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/11/20 12:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/20 12:08:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/20 12:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/20 10:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/20 10:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/11/20 10:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/11/20 10:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/11/20 10:32:12 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Adobe
[2013/11/16 14:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2013/11/16 14:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2013/11/16 09:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/15 12:24:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/15 09:22:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/11/15 09:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/15 09:13:49 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/11/15 09:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/11/14 10:50:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/14 07:49:23 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/14 07:49:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/14 07:49:17 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/14 07:49:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/14 07:49:15 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/14 07:49:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/11 13:09:12 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\PrintScreen Files
[2013/11/11 13:09:12 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/11/11 13:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/11/11 13:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2013/11/11 08:00:32 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2013/11/11 08:00:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2013/11/11 07:48:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/11/09 16:31:20 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/11/09 16:31:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/11/09 16:31:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/11/09 16:09:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/11/09 16:07:20 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/11/09 16:07:20 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/11/09 16:07:20 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/11/09 16:07:20 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/11/09 16:07:20 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/11/09 16:07:20 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/11/09 16:07:20 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/11/09 16:07:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/09 16:07:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/11/09 16:07:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/11/09 16:07:20 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/11/09 16:07:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/11/09 16:07:20 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/11/09 16:07:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/11/09 16:07:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/11/09 16:07:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/11/09 16:07:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/11/09 16:07:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/11/09 16:07:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/11/09 16:07:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/11/09 16:05:57 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/11/09 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\assembly
[2013/11/09 11:55:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Deployment
[2013/11/09 11:55:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Apps
[2013/11/09 11:51:03 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\WTT NOV 2013
[2013/11/09 09:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/11/09 09:33:48 | 000,047,736 | ---- | C] (Pitney Bowes) -- C:\Windows\System32\drivers\generic.sys
[2013/11/09 09:32:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\{C5DFEA20-CA95-4908-9CD4-A301AF5E7BAB}
[2013/11/09 08:13:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/11/09 08:13:06 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/11/09 08:13:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013/11/09 08:12:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/11/09 08:12:17 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/11/09 08:12:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2013/11/09 08:11:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013/11/09 08:11:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2013/11/09 08:11:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013/11/09 08:11:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013/11/09 08:11:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/11/09 08:11:29 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/11/09 08:11:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013/11/09 08:11:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/11/09 08:11:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/11/09 08:11:14 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/11/09 08:11:14 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/11/09 08:11:13 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/11/09 08:11:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/11/09 08:11:12 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/11/09 08:10:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/11/09 08:10:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/11/09 08:10:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/11/09 08:10:58 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/11/09 08:10:57 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/11/09 08:10:54 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/11/09 08:10:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/11/09 08:10:40 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2013/11/09 08:10:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2013/11/09 08:10:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013/11/09 08:10:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2013/11/09 08:10:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013/11/09 08:10:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013/11/09 08:10:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013/11/09 08:10:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013/11/09 08:10:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013/11/09 08:10:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013/11/09 08:10:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2013/11/09 08:10:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2013/11/09 08:10:03 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/11/09 08:10:03 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/11/09 08:10:02 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013/11/09 08:10:01 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013/11/09 08:10:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013/11/09 08:09:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/11/09 08:09:55 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/11/09 08:09:54 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013/11/09 08:09:54 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2013/11/09 08:09:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013/11/09 08:09:47 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/11/09 08:09:37 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/11/09 08:09:34 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/11/09 08:09:11 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/11/09 08:09:11 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/11/09 08:09:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/11/09 08:09:10 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/11/09 08:09:10 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/11/09 08:09:10 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/11/09 08:09:10 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/11/09 08:09:10 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/11/09 08:09:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/11/09 08:09:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/11/09 08:09:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/11/09 08:09:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/11/09 08:09:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/11/09 08:09:09 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/11/09 08:09:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/11/09 08:09:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/11/09 08:08:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2013/11/09 08:08:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2013/11/09 08:08:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2013/11/09 08:08:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2013/11/09 08:08:06 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013/11/09 08:08:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2013/11/09 08:08:03 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013/11/09 08:08:03 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013/11/09 08:08:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2013/11/09 08:07:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/11/09 08:07:49 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/11/09 08:07:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013/11/09 08:07:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013/11/09 08:07:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/11/09 08:07:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013/11/09 08:07:23 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013/11/09 08:07:16 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/11/09 08:07:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/11/09 08:07:15 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/11/09 08:07:15 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/11/09 08:07:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/09 08:07:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/09 08:07:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/11/09 08:07:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/09 08:07:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/09 08:07:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/11/09 08:07:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/11/09 08:07:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/09 08:07:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/11/09 08:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/09 08:07:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/11/09 08:07:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/11/09 08:07:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/11/09 08:07:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013/11/09 08:07:10 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013/11/09 07:59:22 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/11/08 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Diagnostics
[2013/11/08 14:47:31 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\Outlook Files
[2013/11/08 14:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/11/08 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/11/08 14:13:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/11/08 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/11/08 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/11/08 14:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/11/08 14:09:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/11/08 13:15:13 | 000,230,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/11/08 13:13:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/08 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\QuickBooks Letter Templates
[2013/11/08 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\LogMeIn Rescue Applet
[2013/11/08 12:07:56 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013/11/08 12:07:56 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013/11/08 12:07:56 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013/11/08 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/08 12:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/08 12:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/08 12:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/08 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\ElevatedDiagnostics
[2013/11/08 11:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2013/11/08 11:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/08 11:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/11/08 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2013/11/08 11:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO
[2013/11/08 11:17:31 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Intuit
[2013/11/08 11:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2013/11/08 11:15:23 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Macromedia
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/11/08 11:09:27 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Microsoft Help
[2013/11/08 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Xerox
[2013/11/08 11:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013/11/08 11:05:46 | 000,000,000 | R--D | C] -- C:\Users\Juanita\SkyDrive
[2013/11/08 11:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/08 11:05:21 | 000,000,000 | ---D | C] -- C:\5853f73ae1f668bddf
[2013/11/08 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\HP
[2013/11/08 10:56:56 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/08 10:56:56 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/08 10:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pitney Bowes
[2013/11/08 10:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pitney Bowes
[2013/11/08 10:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pitney Bowes
[2013/11/08 10:48:37 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\System32\AdpeakProxy.dll
[2013/11/08 10:48:36 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Download Manager
[2013/11/08 10:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2013/11/08 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\NativeMessaging
[2013/11/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\CRE
[2013/11/08 10:40:18 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/08 10:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/08 10:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/08 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\AVAST Software
[2013/11/08 10:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/08 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/08 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Google
[2013/11/08 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/08 10:35:58 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/08 10:35:57 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/08 10:35:57 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2013/11/08 10:35:57 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/08 10:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/08 10:35:56 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/08 10:35:56 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/08 10:35:55 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/08 10:35:53 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/08 10:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/08 10:35:13 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013/11/08 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/08 10:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/11/08 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2013/11/08 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2013/11/08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Malwarebytes
[2013/11/08 10:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/08 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/11/08 10:31:29 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Programs
[2013/11/08 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Macromedia
[2013/11/08 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Adobe
[2013/11/08 10:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/11/08 10:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/11/08 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Mozilla
[2013/11/08 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Mozilla
[2013/11/08 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/11/08 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/08 10:25:10 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2013/11/08 10:25:03 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Sanford,_L.P
[2013/11/08 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\DYMO Label
[2013/11/08 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\DYMO
[2013/11/08 10:18:15 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/11/08 10:18:15 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/11/08 10:18:09 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/11/08 10:18:09 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/11/08 10:18:09 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/11/08 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\VirtualStore
[2013/11/08 10:17:25 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/11/08 10:17:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\Temporary Internet Files
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Templates
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Start Menu
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\SendTo
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Recent
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\PrintHood
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\NetHood
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Videos
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Pictures
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Music
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\My Documents
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Local Settings
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\History
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Cookies
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Application Data
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\Application Data
[2013/11/08 10:17:21 | 000,000,000 | -H-D | C] -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Temp
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Microsoft
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\InstallShield
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Identities
[2013/11/08 10:17:20 | 000,000,000 | --SD | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Videos
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Searches
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Saved Games
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Pictures
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Music
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Links
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Favorites
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Downloads
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Documents
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Desktop
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Contacts
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/08 10:17:20 | 000,000,000 | -H-D | C] -- C:\Users\Juanita\AppData
[2013/11/08 10:17:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/06 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Stationery
[2013/11/06 18:34:54 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Quickbooks Customer Letters
[2013/11/06 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Juanita's Letters
[2013/11/06 18:34:10 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Juanita's Documents
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/21 09:29:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 09:29:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 09:29:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 09:28:59 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 09:18:35 | 003,981,366 | ---- | M] () -- C:\Users\Juanita\Desktop\ScreenShot001.bmp
[2013/11/21 08:41:44 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 07:53:53 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 07:53:53 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 07:50:59 | 000,663,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/21 07:50:59 | 000,122,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/20 14:05:35 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/20 13:49:58 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/20 13:49:58 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/20 13:49:58 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/20 13:49:58 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/20 13:49:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/20 13:49:58 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/20 13:49:57 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/20 13:49:57 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/20 13:49:57 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/20 13:49:57 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/20 13:49:57 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/20 13:49:57 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/20 13:49:57 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/20 13:49:57 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/20 13:49:57 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/20 13:49:57 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/20 13:49:57 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/20 13:49:57 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/20 13:49:57 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/20 13:49:57 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/20 13:49:57 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/20 13:49:57 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/20 13:49:57 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/20 13:49:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/20 13:49:57 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/20 13:49:57 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/20 13:49:57 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/20 13:49:57 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/20 13:49:56 | 004,240,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/20 13:49:56 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/20 13:49:56 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/20 13:49:56 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/20 13:49:56 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/20 13:49:56 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/20 13:49:56 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/20 13:49:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/20 13:49:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/20 13:49:56 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/20 13:49:56 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/20 13:49:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/20 13:49:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/20 13:49:56 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/20 13:49:56 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/20 13:49:56 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/20 10:33:37 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/19 05:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/11/15 09:16:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/11/15 09:14:35 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-JUANITADAVIS-Microsoft-Windows-7-Professional-(32-bit).dat
[2013/11/14 18:44:38 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/09 16:09:11 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/11/09 16:07:20 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/11/09 16:07:20 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/11/09 16:07:20 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/11/09 16:07:20 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/11/09 16:07:20 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/11/09 16:07:20 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/11/09 16:07:20 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/11/09 16:07:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/09 16:07:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/11/09 16:07:20 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/11/09 16:07:20 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/11/09 16:07:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/11/09 16:07:20 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/11/09 16:07:20 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/11/09 16:07:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/11/09 16:07:20 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/11/09 16:07:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/11/09 16:07:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/11/09 16:07:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/11/09 16:07:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/11/09 16:07:20 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/11/09 16:05:57 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/11/08 14:43:30 | 000,001,112 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/08 14:28:54 | 000,003,029 | ---- | M] () -- C:\Users\Juanita\Desktop\Email.lnk
[2013/11/08 14:27:24 | 000,000,112 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/11/08 13:16:39 | 000,041,450 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/11/08 12:05:51 | 000,001,233 | ---- | M] () -- C:\Users\Juanita\Desktop\Revo Uninstaller.lnk
[2013/11/08 11:27:27 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/11/08 11:27:27 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions - Retail Edition 12.0.lnk
[2013/11/08 11:27:27 | 000,002,198 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/11/08 11:27:27 | 000,002,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/11/08 11:27:27 | 000,001,307 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
[2013/11/08 11:15:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/08 11:15:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/08 11:02:06 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/11/08 10:58:59 | 000,222,632 | ---- | M] () -- C:\Windows\MSUIGHUR.tt2
[2013/11/08 10:58:31 | 000,094,064 | ---- | M] () -- C:\Windows\LEELAWAD.tt2
[2013/11/08 10:58:31 | 000,093,836 | ---- | M] () -- C:\Windows\LEELAWDB.tt2
[2013/11/08 10:55:03 | 000,002,236 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/08 10:43:11 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2013/11/08 10:39:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/08 10:35:54 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/08 10:35:54 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/08 10:35:54 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/08 10:35:54 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/08 10:35:54 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/08 10:35:54 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/08 10:35:54 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/08 10:35:53 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/08 10:35:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/08 10:29:39 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/08 10:26:30 | 000,001,418 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/06 19:15:30 | 000,000,288 | ---- | M] () -- C:\Users\Juanita\Desktop\Credit reports.url
[2013/11/06 15:59:36 | 000,000,154 | ---- | M] () -- C:\Users\Juanita\Desktop\Flexsteel.URL
[2013/11/05 11:28:52 | 000,000,304 | ---- | M] () -- C:\Users\Juanita\Desktop\GE Site.URL
 
========== Files Created - No Company Name ==========
 
[2013/11/21 09:18:35 | 003,981,366 | ---- | C] () -- C:\Users\Juanita\Desktop\ScreenShot001.bmp
[2013/11/20 13:49:57 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/20 10:33:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/20 10:33:37 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/15 09:14:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-JUANITADAVIS-Microsoft-Windows-7-Professional-(32-bit).dat
[2013/11/09 16:31:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/09 08:07:16 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/08 14:28:54 | 000,003,029 | ---- | C] () -- C:\Users\Juanita\Desktop\Email.lnk
[2013/11/08 12:05:51 | 000,001,233 | ---- | C] () -- C:\Users\Juanita\Desktop\Revo Uninstaller.lnk
[2013/11/08 11:18:09 | 000,002,292 | ---- | C] () -- C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions - Retail Edition 12.0.lnk
[2013/11/08 11:16:07 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/11/08 11:16:07 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/11/08 11:16:07 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/11/08 11:16:07 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
[2013/11/08 11:05:46 | 000,002,135 | ---- | C] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/11/08 11:02:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/11/08 10:59:17 | 000,222,632 | ---- | C] () -- C:\Windows\MSUIGHUR.tt2
[2013/11/08 10:59:16 | 000,094,064 | ---- | C] () -- C:\Windows\LEELAWAD.tt2
[2013/11/08 10:59:16 | 000,093,836 | ---- | C] () -- C:\Windows\LEELAWDB.tt2
[2013/11/08 10:56:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/08 10:39:19 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/08 10:36:53 | 000,002,236 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/08 10:36:53 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/08 10:36:12 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/08 10:36:11 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/08 10:35:58 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/08 10:35:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/08 10:33:41 | 000,000,112 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/11/08 10:29:39 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/08 10:29:39 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/08 10:26:30 | 000,001,418 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/08 10:25:19 | 000,001,112 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/08 10:18:10 | 000,001,424 | ---- | C] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/08 10:17:22 | 000,000,290 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/08 10:17:22 | 000,000,272 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/06 18:38:04 | 000,000,288 | ---- | C] () -- C:\Users\Juanita\Desktop\Credit reports.url
[2013/11/06 18:38:00 | 000,000,338 | ---- | C] () -- C:\Users\Juanita\Desktop\Wells Fargo.url
[2013/11/06 18:37:54 | 000,000,222 | ---- | C] () -- C:\Users\Juanita\Desktop\Pioneer.url
[2013/11/06 18:37:50 | 000,000,304 | ---- | C] () -- C:\Users\Juanita\Desktop\GE Site.URL
[2013/11/06 18:36:15 | 000,000,154 | ---- | C] () -- C:\Users\Juanita\Desktop\Flexsteel.URL
[2013/11/06 18:36:02 | 000,318,021 | ---- | C] () -- C:\Users\Juanita\Desktop\thats-news10now-right-.jpg
[2013/11/06 18:35:50 | 000,000,540 | ---- | C] () -- C:\Users\Juanita\Desktop\Welcome To AshleyDirect.com.url
[2013/11/06 18:35:44 | 000,000,329 | ---- | C] () -- C:\Users\Juanita\Desktop\WLTW-FM Player.url
[2013/11/06 18:35:39 | 000,000,193 | ---- | C] () -- C:\Users\Juanita\Desktop\La-Z-Boy Partner Portal.url
[2013/05/31 05:31:00 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2013/05/31 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2013/05/31 05:30:58 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Gsw32.exe.config
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

Can't seem to paste screen shot of error message. It's a .bmp file. Please send instructions on how to attach or post in reply.




#26 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 21 November 2013 - 09:33 AM

Take another screenshot but this time save it as a .jpeg

Then open a reply and select More Reply Options and this will open up a new screen. On that new screen you will see a button labeled Choose File (browse to and select the .jpeg) and then press Attach This File. Then just press Add Reply.



#27 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • 16 posts

Posted 21 November 2013 - 09:58 AM

Screen Shot attached

Attached Thumbnails

  • ScreenShot.jpg


#28 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 23 November 2013 - 09:07 AM

I don't believe that this is a malware related problem at this point but a software one.  I think that you would be better served to start a new topic in the Windows forum here at What the Tech and see what the techs there have to say.  They are much better prepared for an issue like this than I am to be quite honest.  When you start a new topic there, be sure to explain exactly what it is you are dealing with now and also to post a link to this topic as well so that they can see what we have been doing.



#29 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • 16 posts

Posted 26 November 2013 - 06:40 PM

Hi Jeff

I fixed the error by reinstalling Quickbooks....woo hoo.

Are there any other malware etc steps I should do?

Thanks



#30 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 November 2013 - 06:57 PM

Hi,

Jeff is away, hope you don't mind me stepping in for him.

Everything ok, no more error messages, browser redirects?



Just a reminder that threads will be closed if no reply in 3 days.
