Need Help, mother in law has S&P on her computer

Started by ImScrewed, August 09, 2014, 10:55:52 PM

ImScrewed

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 1.6.0_26
Run by vicki at 15:53:57 on 2014-08-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2000 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\vicki\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\vicki\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HowToSimplified_8e Browser Plugin Loader 64] C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8ebrmon64.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\vicki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{58A47C31-49D8-4636-AD7F-24A270AD3946} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-10 55280]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-10 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-6-27 72216]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-11-14 232192]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 133928]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-10 1692480]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2014-8-6 35840]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-8 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-15 122584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-15 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-09 19:51:44   10924376   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C80A5E2B-DE9A-4484-B950-8D33DD9EA5EF}\mpengine.dll
2014-08-08 19:51:52   10924376   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-06 23:08:14   35840   ----a-r-   C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2014-08-06 23:05:31   --------   d-----w-   C:\Netgear
2014-08-05 21:53:28   --------   d-----w-   C:\Users\vicki\AppData\Local\{7376FBC1-4265-4536-B8A8-C5F25837F852}
2014-08-03 00:12:15   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D72AED15-7B0A-4636-ABE5-70A9D9029A8A}\gapaengine.dll
2014-08-01 21:51:02   --------   d-----w-   C:\Users\vicki\AppData\Local\{A53EB15B-0E0D-4665-B411-3E4E05FA4D75}
.
==================== Find3M  ====================
.
2014-07-18 19:44:47   107368   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2014-07-18 19:44:46   92488   ----a-w-   C:\Windows\System32\LMIinit.dll
2014-07-18 19:44:46   35656   ----a-w-   C:\Windows\System32\LMIport.dll
2014-07-09 04:13:23   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 04:13:23   699056   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33   519168   ----a-w-   C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49   424448   ----a-w-   C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16   83968   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38   5721088   ----a-w-   C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55   62464   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27   2266112   ----a-w-   C:\Windows\System32\wininet.dll
2014-06-18 22:52:18   4254720   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59   1791488   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-06-18 09:57:33   122584   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-18 02:18:30   692736   ----a-w-   C:\Windows\System32\osk.exe
2014-06-18 01:51:32   646144   ----a-w-   C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36   3157504   ----a-w-   C:\Windows\System32\win32k.sys
2014-06-07 05:47:57   107368   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-06-06 10:10:34   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-06-06 09:44:17   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47   340992   ----a-w-   C:\Windows\System32\schannel.dll
2014-05-30 08:08:41   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31   22016   ----a-w-   C:\Windows\System32\credssp.dll
2014-05-30 07:52:51   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41   220160   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52   497152   ----a-w-   C:\Windows\System32\drivers\afd.sys
2014-05-12 14:26:10   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-05-12 14:26:00   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 14:25:56   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:54:34.27 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2009 5:07:53 PM
System Uptime: 8/5/2014 12:40:32 PM (99 hours ago)
.
Motherboard: Dell Inc. |  | 0U880P
Processor: Pentium(R) Dual-Core  CPU      E5300  @ 2.60GHz | CPU 1 | 2603/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 532.256 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1170: 6/20/2014 3:28:15 AM - Windows Update
RP1171: 6/24/2014 3:27:57 AM - Windows Update
RP1172: 6/28/2014 3:27:51 AM - Windows Update
RP1173: 7/2/2014 3:27:41 AM - Windows Update
RP1174: 7/6/2014 2:17:54 AM - Windows Update
RP1175: 7/9/2014 3:00:14 AM - Windows Update
RP1176: 7/12/2014 3:31:42 AM - Windows Update
RP1177: 7/16/2014 3:31:39 AM - Windows Update
RP1178: 7/20/2014 2:17:26 AM - Windows Update
RP1179: 7/23/2014 3:31:46 AM - Windows Update
RP1180: 7/24/2014 3:00:10 AM - Windows Update
RP1181: 7/28/2014 3:31:18 AM - Windows Update
RP1182: 8/1/2014 5:58:38 PM - Windows Update
RP1183: 8/7/2014 3:00:12 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.10)
Adobe Shockwave Player 11.5
Around the World in 80 Days (remove only)
BufferChm
BVHE-Beauty and the Beast Magical Ballroom
C309g-m
Compatibility Pack for the 2007 Office system
Cook'n
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Destinations
DeviceDiscovery
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Premium C309g-m All-in-One Driver Software 13.0 Rel. 6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 26
Junk Mail filter update
LogMeIn
magicJack
Malwarebytes Anti-Malware version 2.0.2.1012
Manuals Finder
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Genie
Network64
PowerDVD DX
PS_AIO_06_C309g-m_SW_Min
QuickTime
Realtek High Definition Audio Driver
Robots Print Studio
Roxio Burn
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spirit (remove only)
Status
Toolbox
TrayApp
Unity Web Player
Updater
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Yahoo! Install Manager
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
8/6/2014 4:08:14 PM, Error: Service Control Manager [7000]  - The BVRPMPR5a64 NDIS Protocol Driver service failed to start due to the following error:  The system cannot find the file specified.
8/6/2014 12:54:03 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.179.2127.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10802.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/5/2014 12:42:04 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================

ImScrewed

Results of screen317's Security Check version 0.99.86 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 26 
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date! 
Google Chrome 32.0.1700.72 
Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Corrine

We'll deal with Adobe Reader later but first, let's take care of the vulnerable versions of Java installed on the computer.

1.  Fortunately, Microsoft will start blocking outdated ActiveX controls on Windows 7 & IE 8-11 with the security update on August 12.  In the meantime, uninstall the following:

Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 26


Although most people do not need Java on their computer, in the event a game or website requires it, you can install the latest version for your mother-in-law from Download Java for Windows.  If you do install it, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

2.  Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

ImScrewed

I also want to mention her computer is really slow at booting, and that the internet and everything else runs really slow as well. Thanks Corrine.


ComboFix 14-08-06.02 - vicki 08/09/2014  16:56:04.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2201 [GMT -7:00]
Running from: c:\users\vicki\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\users\vicki\AppData\Roaming\DataSafeDotNet.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-10 to 2014-08-10  )))))))))))))))))))))))))))))))
.
.
2014-08-09 23:50 . 2014-08-09 23:50   --------   d-----w-   c:\programdata\Oracle
2014-08-09 23:50 . 2014-08-09 23:50   --------   d-----w-   c:\program files (x86)\Common Files\Java
2014-08-09 23:50 . 2014-08-09 23:50   98216   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 23:50 . 2014-08-09 23:50   --------   d-----w-   c:\program files (x86)\Java
2014-08-09 19:51 . 2014-07-02 03:09   10924376   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C80A5E2B-DE9A-4484-B950-8D33DD9EA5EF}\mpengine.dll
2014-08-08 19:51 . 2014-07-02 03:09   10924376   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-06 23:08 . 2011-06-23 04:03   35840   ----a-r-   c:\windows\system32\drivers\BVRPMPR5a64.SYS
2014-08-06 23:05 . 2014-08-07 00:39   --------   d-----w-   C:\Netgear
2014-08-03 00:12 . 2014-05-03 10:28   1031560   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D72AED15-7B0A-4636-ABE5-70A9D9029A8A}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-18 19:44 . 2012-06-28 03:43   107368   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
2014-07-18 19:44 . 2012-06-28 03:43   35656   ----a-w-   c:\windows\system32\LMIport.dll
2014-07-18 19:44 . 2012-06-28 03:43   92488   ----a-w-   c:\windows\system32\LMIinit.dll
2014-07-09 10:01 . 2010-01-06 05:33   96441528   ----a-w-   c:\windows\system32\MRT.exe
2014-07-09 04:13 . 2012-05-18 02:25   699056   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 04:13 . 2011-06-11 23:17   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 02:09 . 2014-07-09 01:00   519168   ----a-w-   c:\windows\system32\aepdu.dll
2014-06-30 02:04 . 2014-07-09 01:00   424448   ----a-w-   c:\windows\system32\aeinv.dll
2014-06-20 20:14 . 2014-07-09 01:00   266424   ----a-w-   c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-09 01:00   23464448   ----a-w-   c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-09 01:00   2724864   ----a-w-   c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-09 01:00   4096   ----a-w-   c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-09 01:00   2768384   ----a-w-   c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-09 01:00   548352   ----a-w-   c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-09 01:00   66048   ----a-w-   c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-09 01:00   48640   ----a-w-   c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-09 01:00   83968   ----a-w-   c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-09 01:00   51200   ----a-w-   c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-09 01:00   33792   ----a-w-   c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-09 01:00   598016   ----a-w-   c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-09 01:00   139264   ----a-w-   c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-09 01:00   111616   ----a-w-   c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-09 01:00   752640   ----a-w-   c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-09 01:00   940032   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-09 01:00   452608   ----a-w-   c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-09 01:00   38400   ----a-w-   c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-09 01:00   2724864   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-09 01:00   195584   ----a-w-   c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-09 01:00   5721088   ----a-w-   c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-09 01:00   85504   ----a-w-   c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-09 01:00   292864   ----a-w-   c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-09 01:00   608768   ----a-w-   c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-09 01:00   455168   ----a-w-   c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-09 01:00   61952   ----a-w-   c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-09 01:00   51200   ----a-w-   c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 01:00   62464   ----a-w-   c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-09 01:00   631808   ----a-w-   c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-09 01:00   1249280   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-09 01:00   2040832   ----a-w-   c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-09 01:00   112128   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-09 01:00   592896   ----a-w-   c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-09 01:00   32256   ----a-w-   c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-09 01:00   2266112   ----a-w-   c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-09 01:00   4254720   ----a-w-   c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-09 01:00   13527040   ----a-w-   c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-09 01:00   1068032   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 01:00   1964544   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-09 01:00   1393664   ----a-w-   c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-09 01:00   846336   ----a-w-   c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-09 01:00   1791488   ----a-w-   c:\windows\SysWow64\wininet.dll
2014-06-18 09:57 . 2014-06-15 22:30   122584   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-18 02:18 . 2014-07-09 01:00   692736   ----a-w-   c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 01:00   646144   ----a-w-   c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-09 01:00   3157504   ----a-w-   c:\windows\system32\win32k.sys
2014-06-07 05:47 . 2012-06-28 03:43   107368   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-06-06 10:10 . 2014-07-09 01:00   624128   ----a-w-   c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 01:00   509440   ----a-w-   c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 00:59   1460736   ----a-w-   c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 00:59   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 00:59   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 01:00   210944   ----a-w-   c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 01:00   86528   ----a-w-   c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 01:00   340992   ----a-w-   c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 01:00   314880   ----a-w-   c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 01:00   307200   ----a-w-   c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 01:00   728064   ----a-w-   c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 01:00   22016   ----a-w-   c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 01:00   172032   ----a-w-   c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 01:00   65536   ----a-w-   c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 01:00   247808   ----a-w-   c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 01:00   220160   ----a-w-   c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 01:00   259584   ----a-w-   c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 01:00   550912   ----a-w-   c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 01:00   17408   ----a-w-   c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 01:00   497152   ----a-w-   c:\windows\system32\drivers\afd.sys
2014-05-12 14:26 . 2014-06-15 22:30   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-05-12 14:26 . 2014-06-15 22:30   91352   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 14:25 . 2014-06-15 22:30   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\vicki\AppData\Roaming\mjusbsp\cdloader2.exe" [2014-07-04 51592]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-11-14 602880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-24 560128]
.
c:\users\vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
.
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NPF
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-16 07:02   1211672   ----a-w-   c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 04:13]
    .
    2014-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 22:57]
    .
    2014-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 22:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-02 7834656]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-HowToSimplified_8e Browser Plugin Loader 64 - c:\program files (x86)\HowToSimplified_8e\bar\1.bin\8ebrmon64.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    WebBrowser-{B7380195-94FE-44CD-91A5-06F6D56E202A} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2450059134-425265546-2111175798-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2450059134-425265546-2111175798-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2014-08-09  17:07:30 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-08-10 00:07
    .
    Pre-Run: 570,703,400,960 bytes free
    Post-Run: 572,573,499,392 bytes free
    .
    - - End Of File - - B275EE2E17FCCFFE621EBEEFDF882C6A
    CDB4DE4BBD714F152979DA2DCBEF57EB

Corrine

There are some unnecessary startup programs but that wouldn't make web surfing slow.

Please download Adware Cleaner by Xplode. Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool. 
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

ImScrewed

It also will not go through with important Windows updates.


# AdwCleaner v3.304 - Report created 09/08/2014 at 17:49:33
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : vicki - VICKI-PC
# Running from : C:\Users\vicki\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\Users\vicki\AppData\Local\iac
Folder Deleted : C:\Users\vicki\AppData\Local\SearchProtect
Folder Deleted : C:\Users\vicki\AppData\LocalLow\iac
Folder Deleted : C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2302555
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\vicki\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319614&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP614B9166-7014-4819-B331-A70DD558E1BB&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [3074 octets] - [09/08/2014 17:48:22]
AdwCleaner[S0].txt - [2836 octets] - [09/08/2014 17:49:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2896 octets] ##########

Corrine

The log shows that System Restore points were created by Windows Update recently.  Are you saying that some updates install but others report an error? 

1.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
2.  Please follow the instructions below to run an on-line scan from ESET.  Note that it may take some time so get a cup of tea or coffee and plan on doing something else for a while.  :)

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)

    • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
    • Click the green ESET Online Scanner box.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Eset Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats".
    • Click Advanced settings and select the following:

      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.




SellieS

Would you tell me what S&P stands for?

Thanks,
Ellie

winchester73

Quote from: SellieS on August 11, 2014, 02:27:07 AM
Would you tell me what S&P stands for?

Thanks,
Ellie

I was going to ask the same question, then saw Conduit SearchProtect showing up in the logs  :D
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

ImScrewed

I got the JRT log but ESET will not start... After I click start, it says that it wants to install an add-on, so I hit install - then it doesn't do anything. It reloads the page.

Corrine

Please post the JRT log. 

What browser are you using to do the ESET scan?

