jello4j

  1. Ok, it is getting really bad. I fixed the screen resolution issue by changing the user settings for the video card. But here are the issues that seem to be worse since the "fix process". The CPU is constantly running at 100%. My GUESS is that there is a rootkit issue, or an SVChost.exe problem happening. Attached are some screenshots of my task manager processes. I'm concerned about the ones called RasMan, TapiSRV, and W32Time... among several others. Pics to follow in other posts.
  2. Post 4 of 4: Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014 Ran by Jeff M at 2014-07-28 20:02:21 Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST\FRST-OlderVersion Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden 470_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden 470_Readme (Version: 1.00.0000 - Hewlett-Packard) Hidden Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated) Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden Acronis True Image Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 
1.0.15 - Amazon Services LLC) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASPCA Reminder by We-Care.com v4.1.21.1 (HKLM\...\{A6558E2A-FAF9-4570-AA49-6328D0354517}) (Version: 4.1.21.1 - We-Care.com) AVS Image Converter 1.1.3.71 (HKLM\...\AVS Image Converter_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) BBSAK (HKLM\...\{E8289E29-F9E1-4F3F-B50E-461529A6DCA7}) (Version: 1.7 - JMT Labs Inc.) Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.) BlackBerry App World Browser Plugin (HKLM\...\{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}) (Version: 3.0.1.2 - Research In Motion Limited) BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.) BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden BPDSoftware (Version: 130.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.) Camera Window DS (Version: 5.3.1 - Canon) Hidden Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon) Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.) Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.) 
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.) Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.12.0.0 - Canon Inc.) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.) D-Link DWA-131 Wireless N Nano USB Adapter (HKLM\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version: - D-Link) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net) Epub2Pdf version 1.40.5 (HKLM\...\{A49328DE-FAB8-41B9-9377-AA65FDE8283C}_is1) (Version: 1.40.5 - Epubor) erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Free Video to MP3 Converter version 4.2.20.421 (HKLM\...\Free Video to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) 
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Gmail Notifier (HKLM\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden H470 (Version: 130.0.000.000 - Hewlett-Packard) Hidden HandBrake 0.9.9 (HKLM\...\HandBrake) (Version: 0.9.9 - ) Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP) HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden Linksys Dual Band Wireless-N Notebook Adapter (HKLM\...\{8465C2C2-E744-4895-8A83-1E93B070738B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems) Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden Linksys Wireless-N Notebook Adapter Driver - WPC300N (HKLM\...\{02AC211F-0026-4D6D-A5D8-429F94C86181}) (Version: 1.10.0416 - Linksys, A Division of Cisco Systems, Inc.) 
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MessageViewer Pro 3.1.11 (HKCU\...\MessageViewer Pro) (Version: 3.1.11 - Encryptomatic, LLC) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Location Finder (HKLM\...\{9D18F7F8-B984-4249-8512-CC621BC59F12}) (Version: 1.2.0 - Microsoft Corporation) Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Streets & Trips 2011 (HKLM\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.1 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. 
Kessels) Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG) Nero BackItUp 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG) Nero BurningROM 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG) Nero BurnRights 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero Control Center 10 (Version: 10.0.12000.1.4 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero Core Components 10 (Version: 2.0.13700.0.1 - Nero AG) Hidden Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG) Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG) Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG) Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero Dolby Files 10 (Version: 2.0.11000.0.10 - Nero AG) Hidden Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG) Nero Express 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG) Nero InfoTool 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG) Nero MediaHub 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero 
Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG) Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG) Nero Recode 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG) Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG) Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG) Nero StartSmart 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG) Nero Vision 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG) Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden Network (Version: 130.0.579.000 - Hewlett-Packard) Hidden Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation) NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation) NVIDIA nView Desktop Manager (Version: 6.14.10.12561 - NVIDIA Corporation) Hidden Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - ) PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.) PhotoStitch (Version: 3.1.16 - Canon) Hidden Plus Pack for Acronis True Image Home 2010 (HKLM\...\{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}) (Version: 13.0.7046 - Acronis) ProductContext (Version: 130.0.000.000 - Hewlett-Packard) Hidden Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) 
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden Revo Uninstaller 1.87 (HKLM\...\Revo Uninstaller) (Version: 1.87 - VS Revo Group) Scansoft PDF Professional (Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.1 - IObit) SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation) System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - ) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) 
(HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition 
(HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition 
(HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\JEFFM~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe N (the data entry has 6 more characters). 
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited) CustomCLSID: 
HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
==================== Restore Points =========================
09-07-2014 08:01:41 Windows Update
12-07-2014 15:09:06 Windows Update
15-07-2014 22:14:43 Windows Update
17-07-2014 23:02:11 Removed Microsoft Access database engine 2010 (English)
19-07-2014 01:10:13 Windows Update
23-07-2014 00:56:09 Windows Update
24-07-2014 12:23:43 Windows Update
27-07-2014 16:29:39 Removed Secure Download Manager
27-07-2014 17:48:13 zoek.exe restore point
28-07-2014 04:50:09 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2014-07-07 21:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {036AFE72-38E7-423C-958C-0BA6F92EFF43} - System32\Tasks\{624015A0-6064-4478-BE78-16D97630780E} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {11091284-5321-4C1C-B882-5E645A04A8A9} - System32\Tasks\{A979F251-9955-4A69-9C95-FB746D514E2D} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {13148F73-4D89-47C1-AC33-47B9E20021DA} - System32\Tasks\{EB2FDF4E-C7A5-4E82-9B15-527B131052AF} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {18ED7E63-C4CB-470F-9A02-914E1EE86EFB} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {198D2B6A-A19C-4893-8712-1EB184F7E0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {1BC7E7C2-6B54-46E8-BB47-D995CB951551} - \Updater21804.exe No Task File <==== ATTENTION
Task: {24554F0B-BA6C-46BE-9592-09AE4C1644C5} - System32\Tasks\{1F91C1DD-F862-4E3A-9612-60789B4AD8A9} => C:\Program Files\TouchpadPal\TouchpadPal.exe
Task: {2D434D09-CB97-4245-B5E2-DDBB586F6D54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C0A29D0-4423-44C5-85ED-DEAEDA5BA6EA} - System32\Tasks\{C81729C5-366A-4531-8E68-696BC5F1D731} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {4EEB5801-B8EC-402B-881D-AA6C9546D9A4} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {573E1049-DBDC-4DB6-95C1-089A6D511728} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {71F9E3DB-7604-45E6-915E-AA23014049ED} - System32\Tasks\{A4AA02CD-1633-4C40-BBE0-5C0AD9F705B7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {813E0829-8EC7-4A23-93F2-6B84CB3B27D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {9BBB17A7-D7BF-4AD6-9781-2491B0F75B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {B01D6922-3804-42B2-88D2-7C91E127A3B0} - System32\Tasks\EnergoTech Update => C:\ProgramData\EnergoTech\update.exe [2014-07-04] (EnergoTech LLC)
Task: {B673599C-36EB-43D1-BA7D-3E1C4F2AF8C0} - System32\Tasks\{C72C8CCD-CE97-4A64-B922-518492161262} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {BED95BEC-7FC1-4EDC-A458-D92217C3C419} - System32\Tasks\{99F185FB-9172-4EF8-913C-6997613EC37A} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {C751F892-2400-4278-83E2-35B5B7CC011C} - System32\Tasks\GPUP => C:\Program Files\GetPrivate\gpup.exe
Task: {CAAD75CF-DDD1-4B8C-9164-322224819500} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {CB1E31CE-D6E4-45F2-A945-8CC31536B7E8} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {EF0542D7-ECA9-4EDA-BE14-EC3715FA75C0} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2010-07-21 21:24 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2014-01-26 12:06 - 2013-08-29 18:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-04-24 22:24 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-20 22:45 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-06-04 21:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2011-06-18 13:40 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
2010-01-25 23:28 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-07-28 16:42 - 2014-07-28 16:42 - 00043008 _____ () c:\users\jeffm~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpihkj.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-04 23:32 - 2014-07-28 16:42 - 00046080 _____ () C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-07-27 13:56 - 2014-07-27 13:56 - 00541696 _____ () C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup

==================== Faulty Device Manager Devices =============
Name: BDVEDISK
Description: BDVEDISK
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BDVEDISK
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: netw5v32
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 05:16:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 05:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 05:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/27/2014 05:37:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 05:37:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 05:36:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (07/28/2014 04:44:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (07/28/2014 04:42:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/28/2014 04:42:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: bdfsfltr PxHelp20

Error: (07/28/2014 04:41:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDVEDISK service failed to start due to the following error: %%3

Error: (07/28/2014 04:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Shield 2010 Virus Shield service failed to start due to the following error: %%2

Error: (07/27/2014 11:41:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (07/27/2014 11:39:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2014 11:39:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: bdfsfltr PxHelp20

Error: (07/27/2014 11:39:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDVEDISK service failed to start due to the following error: %%3

Error: (07/27/2014 11:38:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Shield 2010 Virus Shield service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (07/28/2014 05:16:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/28/2014 05:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/28/2014 05:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/27/2014 05:37:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/27/2014 05:37:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/27/2014 05:36:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

CodeIntegrity Errors:
===================================
Date: 2013-11-07 20:35:55.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 20:35:55.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 20:35:55.432
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 20:35:55.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 20:35:55.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 20:35:54.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 19:56:42.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 19:56:42.552
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 19:56:42.234
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-07 19:56:41.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3581.97 MB
Available physical RAM: 2045.04 MB
Total Pagefile: 7162.23 MB
Available Pagefile: 5404.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.14 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:184.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Seagate Expansion 1TB) (Fixed) (Total:931.51 GB) (Free:764.39 GB) NTFS
Drive f: () (Removable) (Total:1.88 GB) (Free:0.85 GB) FAT

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9000D87E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 472BDCBC)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
  3. Post 3 of 4: Here are the logs in separate posts....
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Jeff M (administrator) on JEFFM-PC on 28-07-2014 20:01:24
Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST\FRST-OlderVersion
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Gmail Notifier\gnotify.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
() C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Location Finder\LocationFinder.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Dropbox, Inc.) C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Amazon Digital Services, LLC.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Sun Microsystems, Inc.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [Microsoft Location Finder] => C:\Program Files\Microsoft Location Finder\LocationFinder.exe [101080 2005-08-24] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2CF55B3E47CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Copy Plain Text 2 - C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\Extensions\copyplaintext@teo.pl.xpi [2013-09-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [751464 2010-03-27] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-06-15] (Acronis)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S2 LIVESRV; C:\Program Files\Common Files\Security Shield\Security Shield Update Service\livesrv.exe [325120 2011-05-03] (BitDefender S.R.L.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 WlanWpsSvc; C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 VSSERV; "C:\Program Files\Security Shield\Security Shield 2010\vsserv.exe" /service [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-13] (Microsoft Corporation)
S3 CBPSp50; C:\Windows\System32\Drivers\CBPSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2010-07-07] (Prolific Technology Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit) R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-06-15] (Acronis) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-22] (Microsoft Corporation) S3 WPC600N; C:\Windows\System32\DRIVERS\WPC600N.sys [691192 2007-06-21] (Broadcom Corporation) S3 BDFM; system32\DRIVERS\bdfm.sys [X] S0 bdfsfltr; system32\DRIVERS\bdfsfltr.sys [X] S3 BDSelfPr; \??\C:\Program Files\Security Shield\Security Shield 2010\bdselfpr.sys [X] S2 BDVEDISK; \??\C:\Program Files\Security Shield\Security Shield 2010\bdvedisk.sys [X] S1 hajusami; \??\C:\Windows\system32\drivers\hajusami.sys [X] S1 hikuyayh; \??\C:\Windows\system32\drivers\hikuyayh.sys [X] S1 lopsghoc; \??\C:\Windows\system32\drivers\lopsghoc.sys [X] S1 nnxxiess; \??\C:\Windows\system32\drivers\nnxxiess.sys [X] S0 PxHelp20; System32\Drivers\PxHelp20.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-27 16:58 - 2014-07-27 16:58 - 00000000 ____D () C:\Program Files\ESET 2014-07-27 16:54 - 2014-07-27 16:54 - 02347384 _____ (ESET) C:\Users\Jeff M\Downloads\esetsmartinstaller_enu.exe 2014-07-27 15:51 - 2014-07-27 23:27 - 00000000 ____D () C:\Users\Jeff M\Desktop\P U P Removal 2014 2014-07-27 15:30 - 2014-07-27 19:17 - 00000000 ____D () C:\Users\Jeff M\Desktop\Bikini Bridge 2014-07-27 13:46 - 2014-07-27 12:44 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-07-27 13:28 - 2014-07-27 13:54 - 00000000 ____D () C:\zoek 2014-07-27 12:48 - 2014-07-27 13:54 - 00017979 _____ () C:\zoek-results.log 2014-07-27 12:44 - 2014-07-27 13:40 - 00000000 ____D () C:\zoek_backup 2014-07-27 12:42 - 2014-07-27 12:42 - 01287168 _____ () C:\Users\Jeff M\Desktop\zoek.exe 2014-07-27 12:09 - 2014-07-27 12:10 - 00011616 _____ () C:\Users\Jeff M\Desktop\AdwCleaner[s0].txt 2014-07-27 12:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-07-27 12:00 - 2014-07-27 12:04 - 00000000 ____D () C:\AdwCleaner 2014-07-27 11:57 - 2014-07-27 11:57 - 01354223 _____ () C:\Users\Jeff M\Desktop\adwcleaner_3.216.exe 2014-07-26 21:04 - 2014-07-26 21:04 - 00000274 _____ () C:\Users\Jeff M\Desktop\Content You Follow - Malwarebytes Forum.URL 2014-07-26 19:10 - 2014-07-26 19:10 - 00069628 _____ () C:\Users\Jeff M\Desktop\Fantasy Football 2014.xlsx 2014-07-23 21:30 - 2014-07-23 21:31 - 00020710 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_VCard.vcf 2014-07-23 21:29 - 2014-07-23 21:29 - 00023560 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_Outlook.csv 2014-07-22 21:06 - 2014-07-22 21:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-21 19:07 - 2014-07-28 20:01 - 00000000 ____D () C:\FRST 2014-07-17 17:04 - 2014-07-28 16:42 - 00000000 ___RD () C:\Users\Jeff M\Dropbox 2014-07-17 17:04 - 2014-07-25 09:47 - 00001020 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk 2014-07-17 16:30 - 2014-07-25 09:47 - 00000000 ____D () C:\Users\Jeff 
M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-17 16:18 - 2014-07-28 16:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox 2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe 2014-07-17 16:15 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller.exe 2014-07-14 20:39 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos 2014-07-14 19:58 - 2014-07-14 20:01 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts 2014-07-08 22:51 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-08 22:51 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-08 22:51 - 2014-06-18 18:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-08 22:51 - 2014-06-18 18:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-08 22:51 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-08 22:51 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-08 22:50 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-08 22:50 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-08 22:50 - 2014-06-18 18:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-08 22:50 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-08 22:50 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-08 22:50 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-08 22:50 - 2014-06-18 18:23 - 
00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-08 22:50 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-08 22:50 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-08 22:50 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-08 22:50 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-08 22:50 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-08 22:50 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-08 22:50 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-08 22:50 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-08 22:50 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-08 22:49 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-08 22:49 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-08 22:49 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-08 22:49 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-08 22:49 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-08 22:49 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-08 22:49 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-08 22:49 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-08 22:48 - 2014-06-17 20:51 - 00646144 _____ 
(Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-08 22:48 - 2014-06-17 19:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-08 22:48 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-08 22:48 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-08 22:47 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-08 22:47 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-08 22:47 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-08 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data 2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET blank - SWEP Coaches.xls 2014-07-07 08:07 - 2014-07-07 19:46 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log 2014-07-06 15:07 - 2014-07-07 17:41 - 00070144 _____ () C:\Windows\system32\tasks.dll 2014-07-05 03:39 - 2014-07-28 19:26 - 
00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-05 03:37 - 2014-07-05 03:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-05 03:37 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-05 03:37 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 20:56 - 2014-07-08 05:11 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe 2014-07-04 17:43 - 2014-07-07 21:10 - 00000670 __RSH () C:\ProgramData\ntuser.pol 2014-07-04 17:43 - 2014-07-04 17:47 - 00000000 ____D () C:\ProgramData\1a87371232efe5f 2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\EnergoTech 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx64.cat 2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () 
C:\Windows\bcm43xx.cat 2014-06-28 16:01 - 2007-02-12 09:23 - 00034304 _____ () C:\Windows\DrvTool64.exe 2014-06-28 16:01 - 2007-02-12 09:09 - 00032768 _____ () C:\Windows\DrvTool.exe 2014-06-28 16:01 - 2007-02-09 11:31 - 00000520 _____ () C:\Windows\Hardware.ID 2014-06-28 16:01 - 2006-11-28 21:46 - 00027072 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\CBPSp50.sys 2014-06-28 16:01 - 2006-11-14 01:08 - 00640000 _____ (Broadcom Corporation) C:\Windows\bcmwl664.sys 2014-06-28 16:01 - 2006-11-14 01:08 - 00534016 _____ (Broadcom Corporation) C:\Windows\bcmwl6.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-28 20:01 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST 2014-07-28 19:57 - 2010-01-25 18:16 - 00000000 ____D () C:\Users\Jeff M 2014-07-28 19:42 - 2010-05-21 19:14 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Deployment 2014-07-28 19:26 - 2014-07-05 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-28 19:24 - 2013-11-02 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-28 19:08 - 2010-01-31 20:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-28 17:08 - 2010-01-31 20:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-28 16:50 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-28 16:50 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-28 16:48 - 2010-01-25 20:15 - 01593855 _____ () C:\Windows\WindowsUpdate.log 2014-07-28 16:42 - 2014-07-17 17:04 - 00000000 ___RD () C:\Users\Jeff M\Dropbox 2014-07-28 16:42 - 2014-07-17 16:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox 2014-07-28 16:41 
- 2013-12-26 00:50 - 00010976 _____ () C:\Windows\setupact.log 2014-07-28 16:41 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-27 23:47 - 2010-01-25 18:17 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-27 23:27 - 2014-07-27 15:51 - 00000000 ____D () C:\Users\Jeff M\Desktop\P U P Removal 2014 2014-07-27 19:17 - 2014-07-27 15:30 - 00000000 ____D () C:\Users\Jeff M\Desktop\Bikini Bridge 2014-07-27 16:58 - 2014-07-27 16:58 - 00000000 ____D () C:\Program Files\ESET 2014-07-27 16:54 - 2014-07-27 16:54 - 02347384 _____ (ESET) C:\Users\Jeff M\Downloads\esetsmartinstaller_enu.exe 2014-07-27 13:54 - 2014-07-27 13:28 - 00000000 ____D () C:\zoek 2014-07-27 13:54 - 2014-07-27 12:48 - 00017979 _____ () C:\zoek-results.log 2014-07-27 13:48 - 2013-12-26 00:49 - 00112036 _____ () C:\Windows\PFRO.log 2014-07-27 13:40 - 2014-07-27 12:44 - 00000000 ____D () C:\zoek_backup 2014-07-27 12:44 - 2014-07-27 13:46 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-07-27 12:42 - 2014-07-27 12:42 - 01287168 _____ () C:\Users\Jeff M\Desktop\zoek.exe 2014-07-27 12:10 - 2014-07-27 12:09 - 00011616 _____ () C:\Users\Jeff M\Desktop\AdwCleaner[s0].txt 2014-07-27 12:04 - 2014-07-27 12:00 - 00000000 ____D () C:\AdwCleaner 2014-07-27 11:57 - 2014-07-27 11:57 - 01354223 _____ () C:\Users\Jeff M\Desktop\adwcleaner_3.216.exe 2014-07-26 21:04 - 2014-07-26 21:04 - 00000274 _____ () C:\Users\Jeff M\Desktop\Content You Follow - Malwarebytes Forum.URL 2014-07-26 19:13 - 2014-05-18 12:30 - 02664131 _____ () C:\Users\Jeff M\Desktop\A - Jeff's Balance Sheet 5-2-12.xlsx 2014-07-26 19:10 - 2014-07-26 19:10 - 00069628 _____ () C:\Users\Jeff M\Desktop\Fantasy Football 2014.xlsx 2014-07-25 09:47 - 2014-07-17 17:04 - 00001020 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk 2014-07-25 09:47 - 2014-07-17 16:30 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-24 18:32 - 2010-02-06 13:13 - 00000000 ____D () C:\Program 
Files\Microsoft Silverlight 2014-07-24 07:25 - 2010-06-04 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 07:04 - 2012-04-29 12:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-23 21:31 - 2014-07-23 21:30 - 00020710 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_VCard.vcf 2014-07-23 21:29 - 2014-07-23 21:29 - 00023560 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_Outlook.csv 2014-07-22 21:13 - 2014-07-22 21:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-22 20:01 - 2013-11-02 14:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-22 20:01 - 2013-11-02 14:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-21 16:54 - 2013-12-25 23:25 - 00000000 ____D () C:\Users\Jeff M\Desktop\IT Resources 2014-07-21 15:41 - 2014-07-14 20:39 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos 2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe 2014-07-17 16:16 - 2014-07-17 16:15 - 00323632 _____ (Dropbox, Inc.) 
C:\Users\Jeff M\Downloads\DropboxInstaller.exe 2014-07-14 20:01 - 2014-07-14 19:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts 2014-07-12 14:19 - 2014-06-05 08:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\Yamaha Virago XV535 2014-07-09 16:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache 2014-07-09 15:15 - 2009-07-13 23:53 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-09 04:01 - 2009-07-13 23:33 - 00347272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 03:53 - 2014-05-11 09:12 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 03:53 - 2009-07-14 02:50 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 03:37 - 2010-03-31 15:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-09 03:20 - 2013-08-13 23:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 03:05 - 2010-01-25 18:54 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 05:11 - 2014-07-04 20:56 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe 2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data 2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-07 21:10 - 2014-07-04 17:43 - 00000670 __RSH () C:\ProgramData\ntuser.pol 2014-07-07 19:46 - 2014-07-07 08:07 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log 2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET blank - SWEP Coaches.xls 2014-07-07 17:41 - 2014-07-06 15:07 - 00070144 _____ () C:\Windows\system32\tasks.dll 2014-07-05 13:09 - 2013-06-29 15:52 - 00000000 ____D () C:\Users\Jeff M\Downloads\Brian Keane 2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-05 03:38 - 2014-07-05 03:37 - 00000000 
____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-05 03:38 - 2010-05-19 21:57 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Malwarebytes 2014-07-05 03:37 - 2010-05-19 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 20:24 - 2013-03-17 15:17 - 00000000 ____D () C:\Users\Jeff M\Downloads\Playlists 2014-07-04 17:47 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\1a87371232efe5f 2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\ProgramData\EnergoTech 2014-07-04 17:43 - 2010-01-31 20:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Google 2014-07-04 17:43 - 2010-01-28 13:38 - 00000000 ____D () C:\Program Files\Google 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-07-04 17:42 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-01 19:38 - 2013-08-18 15:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\New folder 2014-07-01 19:38 - 2011-11-03 12:49 - 00000000 ___RD () C:\Users\Jeff M\Desktop\Facebook Images 2014-07-01 19:29 - 2014-04-20 01:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\Desktop Background 2014-07-01 19:18 - 2014-01-01 16:36 - 00000000 ____D () C:\Users\Jeff M\Desktop\Main Profile Pics of Jeff 2 2014-06-29 20:40 
- 2014-07-08 22:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 20:36 - 2014-07-08 22:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-28 16:01 - 2010-01-25 23:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information Some content of TEMP: ==================== C:\Users\Jeff M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpihkj.dll C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-28 17:12 ==================== End Of Log ============================
  4. Post 2 of 4: Here are the logs in separate posts....

     ESETSmartInstaller@High as downloader log:
     all ok
     # product=EOS
     # version=8
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.7623
     # api_version=3.0.2
     # EOSSerial=2ec9ce67c0c97a468bd7de1e90a27002
     # engine=19373
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2014-07-28 03:55:15
     # local_time=2014-07-27 10:55:15 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode_1='Microsoft Security Essentials'
     # compatibility_mode=5895 16777213 100 100 8841793 100589319 0 0
     # scanned=176814
     # found=4
     # cleaned=0
     # scan_time=19455
     sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Jeff M\Desktop\America's Test Kitchen\Epub Converter Software\cbsidlm-tr1_10a-Epub2Pdf-ORG-75785873.exe"
     sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Jeff M\Desktop\America's Test Kitchen\Epub Converter Software\cbsidlm-tr1_10a-ePub_to_PDF_Converter-ORG-75532612.exe"
     sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jeff M\Desktop\IT Resources\ccsetup409.exe"
     sh=DDA7A4231C56CDFC44B5273AF921188842818DF8 ft=1 fh=870e9cfa7219e619 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Jeff M\Desktop\IT Resources\defragsetup.exe"
  5. Post 1 of 4: Here are the logs in separate posts....

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/27/2014
     Scan Time: 2:39:14 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.27.08
     Rootkit Database: v2014.07.17.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x86
     File System: NTFS
     User: Jeff M

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 311801
     Time Elapsed: 1 hr, 8 min, 42 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)

     (end)
  6. Ok... before I post the logs from the final check up, several issues occurred after the processes above and are happening now. (Remember, Optimizer Pro was still on my computer, but I couldn't find it to remove it... not in Uninstall Programs and not in C: Program Files.)

     1) The system processes continue to run s-l-o-w.... including displaying the letters I am typing here, opening new programs, scrolling down the page, searching for items/files. The response time and transition times are slower than before. Especially when using the internet. (I use Mozilla Firefox exclusively).

     2) When shutting down the computer, it brings up the screen to show it can't shut down the computer because there are some programs still running.... The box that shows the programs still running is blank and empty. It forces me to click "Force Shutdown" to shut down the computer.

     3) Screen Resolution has changed and it will change back. Suddenly the logos on my desktop, and any programs I'm running are much larger (zoomed-in) than previously. I've gone to adjust screen resolution and it is set to the largest (maximum) setting, same as before the scans/changes, but the screen is much closer and things are too big in size. It won't become smaller again. Has there been a change to the driver for the Nvidia video card?

     4) The ESET Online scanner found 4 infected files. The REMOVE FOUND THREATS was NOT checked, so they have not been removed.

     I'll wait to hear from you before posting the logs from the Malwarebytes, ESET, and FRST scans I did just now. Thoughts?
  7. Post 2 of 2.... Result Log from ZOEK process. (Note the log from ADWCleaner was in previous post). ZOEK Log: Zoek.exe v5.0.0.0 Updated 26-07-2014 Tool run by Jeff M on Sun 07/27/2014 at 12:45:13.18. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jeff M\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 7/27/2014 12:48:37 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-971228617-1270584449-2651310907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AE85DC6D-FC01-4080-8123-95D0F04BA205} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\prefs.js: Added to C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from 
C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\prefs.js: user_pref("browser.startup.homepage", "about:home"); Added to C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== C:\Program Files\Yahoo! deleted C:\found.000 deleted C:\Users\Jeff M\AppData\Roaming\ZoomBrowser EX deleted C:\Users\Jeff M\AppData\Roaming\bdfvconp.ini deleted C:\Users\Jeff M\AppData\Roaming\Yahoo! 
deleted C:\Users\Jeff M\AppData\Local\BIT3F81.tmp deleted C:\Users\Jeff M\AppData\Local\nsl9197.tmp deleted C:\Users\Jeff M\Searches deleted C:\Users\Jeff M\AppData\LocalLow\Protect deleted C:\Users\Jeff M\AppData\LocalLow\uTorrentBar deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\system32\tasks\Updater21804.exe deleted C:\Windows\system32\tasks\Optimizer Pro Schedule deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\System32\REN193A.tmp deleted C:\Windows\System32\REN193B.tmp deleted C:\Windows\System32\REN31C.tmp deleted C:\Windows\System32\REN31D.tmp deleted C:\Windows\System32\shoA10F.tmp deleted C:\Windows\System32\InstallUtil.InstallLog deleted C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\extensions\staged deleted "C:\Windows\Installer\a371b.msi" deleted "C:\Users\Jeff M\AppData\Local\{931C6205-13FD-44D3-8D44-C25BF7FAF33F}" deleted "C:\Users\Jeff M\AppData\Local\{EBCA8DB1-6E80-4664-960A-6FE53477942A}" deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601) Memory (RAM): 3582 MB CPU Info: Intel® Core2 Duo CPU T7300 @ 2.00GHz CPU Speed: 1111.7 MHz Sound Card: Speakers (High Definition Audio | Display Adapters: NVIDIA Quadro NVS 135M | NVIDIA Quadro NVS 135M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | Screen Resolution: 1024 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter #8 | Linksys Wireless-N Notebook Adapter WPC300N | Broadcom NetXtreme 57xx Gigabit Controller CD / DVD Drives: 1x (D: | ) D: PBDS DVD+-RW DS-8W1P Ports: COM5 | COM6 | COM1 | COM3 | COM10 LPT1 Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 298.0GB Hard Disks - Free: C: 185.0GB Manufacturer *: Dell Inc. 
BIOS Info: AT/AT COMPATIBLE | 01/04/10 | DELL - 27da0104 Time Zone: Central Standard Time Motherboard *: Dell Inc. Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Default Browser: Firefox 31.0 Internet Explorer Version: 11.0.9600.17207 Mozilla Firefox version: 31.0 (x86 en-US) Google Chrome version: 35.0.1916.153 Adobe Reader version: 11.0.07.79 Flash Player version: 14.0.0.145 ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/09/2010 10:21 AM] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/09/2010 10:21 AM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592 - Undetermined - C:\Program Files\IObit Apps Toolbar\FF ProfilePath: C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P - Undetermined - C:\Program Files\IObit Apps Toolbar\FF - Copy Plain Text 2 - %ProfilePath%\extensions\copyplaintext@teo.pl.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash 893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 14365399E83D7BC15760E8676E890C87 - C:\Program 
Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 ADC539F67D3198679F480974EE203678 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11 25FA8C3B9789A26CA7D61C8E9B4EA799 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll - RIM Handheld Application Loader 49E8B365CF3AE1156FD81EF37B3A19B8 - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll - BlackBerry AppWorld 8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P 14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program 
Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 ADC539F67D3198679F480974EE203678 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11 25FA8C3B9789A26CA7D61C8E9B4EA799 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll - RIM Handheld Application Loader 49E8B365CF3AE1156FD81EF37B3A19B8 - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll - BlackBerry AppWorld 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== CostMin - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - 
HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Jeff M\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon CostMin - Jeff M\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon ==== Chrome Fix ====================== C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Jeff M\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully C:\Users\Jeff M\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search/?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" ==== Reset Google Chrome ====================== C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2F3FB19-D848-479C-818E-130ABC9366DB} deleted 
successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\91BF3F2B848DC97418E831A0CB3966BD deleted successfully ==== Empty IE Cache ====================== C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jeff M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jeff M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Jeff M\AppData\Local\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=97 folders=39 1570784 bytes) ==== Empty Temp 
Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Jeff M\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\JEFFM~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Sun 07/27/2014 at 13:54:09.32 ======================
  8. Post 1 of 2.... Result Log from ADWCLEANER. (Note the log from zoek will be in post 2). ADWCleaner Log: # AdwCleaner v3.216 - Report created 27/07/2014 at 12:04:13 # Updated 17/07/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (32 bits) # Username : Jeff M - JEFFM-PC # Running from : C:\Users\Jeff M\Desktop\adwcleaner_3.216.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : ca82e1a5 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Iminent Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2 Folder Deleted : C:\Program Files\Ask.com Folder Deleted : C:\Program Files\Common Files\Plasmoo Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Administrator\AppData\Local\torch Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Guest\AppData\Local\torch Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch Folder Deleted : C:\Users\Jeff M\AppData\Local\Chromatic Browser Folder Deleted : C:\Users\Jeff M\AppData\Local\torch Folder Deleted : C:\Users\Jeff M\AppData\Roaming\GetPrivate Folder Deleted : C:\Users\Jeff M\AppData\Roaming\GrabPro Folder Deleted : C:\Users\Jeff M\AppData\Roaming\Optimizer Pro Folder Deleted : C:\Users\Jeff M\AppData\Roaming\Systweak Folder Deleted : C:\Users\Jeff M\AppData\Roaming\Uniblue File Deleted : C:\Users\Jeff M\AppData\Roaming\aps.uninstall.scan.results File Deleted : C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\user.js File Deleted : C:\Windows\Tasks\APSnotifierPP1.job File Deleted : C:\Windows\System32\Tasks\APSnotifierPP1 File Deleted : C:\Windows\Tasks\APSnotifierPP2.job File Deleted : C:\Windows\System32\Tasks\APSnotifierPP2 File Deleted : 
C:\Windows\Tasks\APSnotifierPP3.job File Deleted : C:\Windows\System32\Tasks\APSnotifierPP3 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD69CECC-3B14-4AD9-B496-4DF2D1200FD1} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD69CECC-3B14-4AD9-B496-4DF2D1200FD1} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDA432A6-40AA-415F-A330-FFEFEC4D065A} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA432A6-40AA-415F-A330-FFEFEC4D065A} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D4942B6-A1DE-4F27-8C79-A03969EE990F} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D4942B6-A1DE-4F27-8C79-A03969EE990F} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7} Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key 
Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}] Key Deleted : HKCU\Software\AnyProtect Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\installedbrowserextensions Key Deleted : HKCU\Software\Optimizer Pro 
Key Deleted : HKCU\Software\powerpack Key Deleted : HKCU\Software\TutoTag Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\InfoAtoms Key Deleted : HKLM\Software\Tutorials Key Deleted : HKLM\Software\Uniblue Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v31.0 (x86 en-US) [ File : C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\prefs.js ] [ File : C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\prefs.js ] -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11335 octets] - [27/07/2014 12:00:37] AdwCleaner[s0].txt - [11474 octets] - [27/07/2014 12:04:13] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11535 octets] ##########
  9. Hi Jurgen, I have removed Media Player Codec Pack 4.2.4. Security Shield Antivirus was not listed under Control Panel---> Uninstall Programs. I was only able to find it in C: Program Files... but I wasn't able to delete it in Windows Regular Mode as it was being used by another program. I DID delete the folder from C: Program Files by doing it in Safe Mode. It has been removed. I could not find Optimizer Pro.... not in Control Panel---> Uninstall Programs, and it was not in C: Program Files. How can I find it elsewhere to remove/delete it?
  10. Please help.... I've run several MB scans in the last several days, and different versions of the PUP.Optional. threat are found each time. It has bogged my system down to crawl speed and is preventing me from reaching some of my frequent internet sites. I could really use some help!
  11. ... and the log of the Addition.txt.... Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014 Ran by Jeff M at 2014-07-21 19:10:56 Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: Security Shield Antivirus (Disabled - Up to date) {5988F8C3-A12C-B8DD-7291-D5248C8353F8} AS: Security Shield Antispyware (Disabled - Up to date) {E2E91927-8716-B753-4821-EE56F7041945} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: Security Shield Firewall (Disabled) {61B379E6-EB43-B985-59CE-7C1172501483} ==================== Installed Programs ====================== µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - ) 32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden 470_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden 470_Readme (Version: 1.00.0000 - Hewlett-Packard) Hidden Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated) Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden Acronis True Image Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon) Amazon Kindle 
(HKCU\...\Amazon Kindle) (Version: - Amazon) Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC) Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASPCA Reminder by We-Care.com v4.1.21.1 (HKLM\...\{A6558E2A-FAF9-4570-AA49-6328D0354517}) (Version: 4.1.21.1 - We-Care.com) AVS Image Converter 1.1.3.71 (HKLM\...\AVS Image Converter_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) BBSAK (HKLM\...\{E8289E29-F9E1-4F3F-B50E-461529A6DCA7}) (Version: 1.7 - JMT Labs Inc.) Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.) BlackBerry App World Browser Plugin (HKLM\...\{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}) (Version: 3.0.1.2 - Research In Motion Limited) BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.) BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden BlackBerry Device Software Updater (HKLM\...\{B2F3FB19-D848-479C-818E-130ABC9366DB}) (Version: 5.0.1.65 - Research In Motion Ltd) BPDSoftware (Version: 130.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.) Camera Window DS (Version: 5.3.1 - Canon) Hidden Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon) Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.) 
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.) Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.) Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.12.0.0 - Canon Inc.) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.) D-Link DWA-131 Wireless N Nano USB Adapter (HKLM\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version: - D-Link) Dropbox (HKCU\...\Dropbox) (Version: 2.10.2 - Dropbox, Inc.) EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net) Epub2Pdf version 1.40.5 (HKLM\...\{A49328DE-FAB8-41B9-9377-AA65FDE8283C}_is1) (Version: 1.40.5 - Epubor) erLT (Version: 1.20.0137 - Logitech, Inc.) 
Hidden Free Video to MP3 Converter version 4.2.20.421 (HKLM\...\Free Video to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Gmail Notifier (HKLM\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden H470 (Version: 130.0.000.000 - Hewlett-Packard) Hidden HandBrake 0.9.9 (HKLM\...\HandBrake) (Version: 0.9.9 - ) Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP) HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden Linksys Dual Band Wireless-N Notebook Adapter (HKLM\...\{8465C2C2-E744-4895-8A83-1E93B070738B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems) Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden Linksys Wireless-N Notebook Adapter Driver - WPC300N (HKLM\...\{02AC211F-0026-4D6D-A5D8-429F94C86181}) (Version: 1.10.0416 - Linksys, A Division of Cisco Systems, Inc.) 
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack) <==== ATTENTION
MessageViewer Pro 3.1.11 (HKCU\...\MessageViewer Pro) (Version: 3.1.11 - Encryptomatic, LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Location Finder (HKLM\...\{9D18F7F8-B984-4249-8512-CC621BC59F12}) (Version: 1.2.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Network (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.12561 - NVIDIA Corporation) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PhotoStitch (Version: 3.1.16 - Canon) Hidden
Plus Pack for Acronis True Image Home 2010 (HKLM\...\{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}) (Version: 13.0.7046 - Acronis)
ProductContext (Version: 130.0.000.000 - Hewlett-Packard) Hidden
Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Revo Uninstaller 1.87 (HKLM\...\Revo Uninstaller) (Version: 1.87 - VS Revo Group)
Scansoft PDF Professional (Version: - ) Hidden
SecondLifeViewer2 (remove only) (HKLM\...\SecondLifeViewer2) (Version: - )
Secure Download Manager (HKLM\...\{718B4606-2FEF-411B-B96E-4FC53B91EBC0}) (Version: 3.1.01 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Restore Points =========================

27-06-2014 14:52:21 Scheduled Checkpoint
28-06-2014 21:00:54 Installed Linksys Wireless-N Notebook Adapter Driver - WPC300N
28-06-2014 21:24:51 Windows Update
01-07-2014 21:45:47 Windows Update
04-07-2014 23:01:23 Removed Adobe Flash Player 11 ActiveX.
04-07-2014 23:02:13 Windows Update
09-07-2014 08:01:41 Windows Update
12-07-2014 15:09:06 Windows Update
15-07-2014 22:14:43 Windows Update
17-07-2014 23:02:11 Removed Microsoft Access database engine 2010 (English)
19-07-2014 01:10:13 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2014-07-07 21:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {036AFE72-38E7-423C-958C-0BA6F92EFF43} - System32\Tasks\{624015A0-6064-4478-BE78-16D97630780E} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {11091284-5321-4C1C-B882-5E645A04A8A9} - System32\Tasks\{A979F251-9955-4A69-9C95-FB746D514E2D} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {13148F73-4D89-47C1-AC33-47B9E20021DA} - System32\Tasks\{EB2FDF4E-C7A5-4E82-9B15-527B131052AF} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {18ED7E63-C4CB-470F-9A02-914E1EE86EFB} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {198D2B6A-A19C-4893-8712-1EB184F7E0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {1BC7E7C2-6B54-46E8-BB47-D995CB951551} - System32\Tasks\Updater21804.exe => C:\Users\Jeff
Task: {24554F0B-BA6C-46BE-9592-09AE4C1644C5} - System32\Tasks\{1F91C1DD-F862-4E3A-9612-60789B4AD8A9} => C:\Program Files\TouchpadPal\TouchpadPal.exe
Task: {2D434D09-CB97-4245-B5E2-DDBB586F6D54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C0A29D0-4423-44C5-85ED-DEAEDA5BA6EA} - System32\Tasks\{C81729C5-366A-4531-8E68-696BC5F1D731} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {4EEB5801-B8EC-402B-881D-AA6C9546D9A4} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {573E1049-DBDC-4DB6-95C1-089A6D511728} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {71F9E3DB-7604-45E6-915E-AA23014049ED} - System32\Tasks\{A4AA02CD-1633-4C40-BBE0-5C0AD9F705B7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {813E0829-8EC7-4A23-93F2-6B84CB3B27D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04] (Adobe Systems Incorporated)
Task: {9BBB17A7-D7BF-4AD6-9781-2491B0F75B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9D4942B6-A1DE-4F27-8C79-A03969EE990F} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {B01D6922-3804-42B2-88D2-7C91E127A3B0} - System32\Tasks\EnergoTech Update => C:\ProgramData\EnergoTech\update.exe [2014-07-04] (EnergoTech LLC)
Task: {B673599C-36EB-43D1-BA7D-3E1C4F2AF8C0} - System32\Tasks\{C72C8CCD-CE97-4A64-B922-518492161262} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {BED95BEC-7FC1-4EDC-A458-D92217C3C419} - System32\Tasks\{99F185FB-9172-4EF8-913C-6997613EC37A} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {C751F892-2400-4278-83E2-35B5B7CC011C} - System32\Tasks\GPUP => C:\Program Files\GetPrivate\gpup.exe
Task: {CAAD75CF-DDD1-4B8C-9164-322224819500} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {CB1E31CE-D6E4-45F2-A945-8CC31536B7E8} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {CD69CECC-3B14-4AD9-B496-4DF2D1200FD1} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {EDA432A6-40AA-415F-A330-FFEFEC4D065A} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {EF0542D7-ECA9-4EDA-BE14-EC3715FA75C0} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-01-15 13:45 - 2009-01-15 13:45 - 00181248 _____ () C:\Program Files\Common Files\Security Shield\Security Shield Update Service\txmlutil.dll
2009-09-13 21:08 - 2009-09-13 21:08 - 00094720 _____ () C:\Program Files\Security Shield\Security Shield 2010\framework.dll
2014-01-26 12:06 - 2013-08-29 18:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-07-21 21:24 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2010-04-22 17:35 - 2013-09-05 03:38 - 00455968 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-04-24 22:24 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-20 22:45 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-06-04 21:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2010-01-25 23:28 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-06-18 13:40 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
2014-07-21 15:32 - 2014-07-21 15:32 - 00043008 _____ () c:\users\jeffm~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtnxu2.dll
2014-07-17 16:30 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-04 23:32 - 2014-07-21 15:33 - 00046080 _____ () C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-01-04 23:32 - 2014-01-04 23:32 - 00541696 _____ () C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2014-06-18 01:23 - 2014-06-18 01:23 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-06-29 04:20 - 2014-06-29 04:20 - 17024688 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: netw5v32
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 01:57:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2014 01:56:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2014 01:54:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 03:04:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 03:03:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 03:01:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2014 04:59:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2014 04:58:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2014 04:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2014 04:00:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (07/21/2014 03:34:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (07/21/2014 03:32:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/21/2014 03:32:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: bdfsfltr PxHelp20

Error: (07/21/2014 03:32:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (07/21/2014 03:31:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Shield 2010 Virus Shield service failed to start due to the following error: %%1053

Error: (07/21/2014 03:31:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Security Shield 2010 Virus Shield service to connect.

Error: (07/20/2014 00:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (07/20/2014 00:49:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2014 00:49:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: bdfsfltr PxHelp20

Error: (07/20/2014 00:49:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Microsoft Office Sessions:
=========================
Error: (07/20/2014 01:57:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe
Error: (07/20/2014 01:56:51 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe
Error: (07/20/2014 01:54:03 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe
Error: (07/19/2014 03:04:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe
Error: (07/19/2014 03:03:34 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe
Error: (07/19/2014 03:01:19 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe
Error: (07/17/2014 04:59:58 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe
Error: (07/17/2014 04:58:33 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe
Error: (07/17/2014 04:53:11 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe
Error: (07/15/2014 04:00:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

CodeIntegrity Errors:
===================================
Date: 2013-11-07 20:35:55.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 20:35:55.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 20:35:55.432 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 20:35:55.243 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 20:35:55.041 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 20:35:54.850 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 19:56:42.745 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 19:56:42.552 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 19:56:42.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-07 19:56:41.912 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3581.97 MB
Available physical RAM: 1847.19 MB
Total Pagefile: 7162.23 MB
Available Pagefile: 5138.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:184.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive h: (SEA_DISC) (Fixed) (Total:93.13 GB) (Free:26.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9000D87E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 93 GB) (Disk ID: CB3F6A13)
Partition 1: (Not Active) - (Size=93 GB) - (Type=OF Extended)

==================== End Of Log ============================
  12. Here are my 2 Log Files in separate posts... First Post: FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by Jeff M (administrator) on JEFFM-PC on 21-07-2014 19:07:38
Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(BitDefender S.R.L.) C:\Program Files\Common Files\Security Shield\Security Shield Update Service\livesrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Google Inc.) C:\Program Files\Google\Gmail Notifier\gnotify.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft Location Finder\LocationFinder.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Amazon Digital Services, LLC.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Dropbox, Inc.) C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sun Microsystems, Inc.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [Microsoft Location Finder] => C:\Program Files\Microsoft Location Finder\LocationFinder.exe [101080 2005-08-24] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe [851120 2014-06-29] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2CF55B3E47CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {AE85DC6D-FC01-4080-8123-95D0F04BA205} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp2tst&p={searchTerms}
SearchScopes: HKCU - {AE85DC6D-FC01-4080-8123-95D0F04BA205} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp2tst&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\Extensions\staged [2014-07-04]
FF Extension: Copy Plain Text 2 - C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\Extensions\copyplaintext@teo.pl.xpi [2013-09-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-26]
CHR Extension: (Google Drive) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-26]
CHR Extension: (YouTube) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-26]
CHR Extension: (Google Search) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-26]
CHR Extension: (Google Wallet) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR Extension: (CostMin) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon [2014-07-04]
CHR Extension: (Gmail) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-26]
CHR Extension: (CostMin) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon\2.0 [2014-07-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [751464 2010-03-27] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-06-15] (Acronis)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 LIVESRV; C:\Program Files\Common Files\Security Shield\Security Shield Update Service\livesrv.exe [325120 2011-05-03] (BitDefender S.R.L.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S2 VSSERV; C:\Program Files\Security Shield\Security Shield 2010\vsserv.exe [1595016 2009-09-23] (PCSecurityShield)
R2 WlanWpsSvc; C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro\OptProCrash.dll",ServiceMain
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

S3 BDSelfPr; C:\Program Files\Security Shield\Security Shield 2010\bdselfpr.sys [8832 2009-01-12] (BitDefender S.R.L.) [File not signed]
R2 BDVEDISK; C:\Program Files\Security Shield\Security Shield 2010\bdvedisk.sys [82696 2009-04-01] (BitDefender S.R.L.)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-13] (Microsoft Corporation)
S3 CBPSp50; C:\Windows\System32\Drivers\CBPSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2010-07-07] (Prolific Technology Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-06-15] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-22] (Microsoft Corporation)
S3 WPC600N; C:\Windows\System32\DRIVERS\WPC600N.sys [691192 2007-06-21] (Broadcom Corporation)
S3 BDFM; system32\DRIVERS\bdfm.sys [X]
S0 bdfsfltr; system32\DRIVERS\bdfsfltr.sys [X]
S1 hajusami; \??\C:\Windows\system32\drivers\hajusami.sys [X]
S1 hikuyayh; \??\C:\Windows\system32\drivers\hikuyayh.sys [X]
S1 lopsghoc; \??\C:\Windows\system32\drivers\lopsghoc.sys [X]
S1 nnxxiess; \??\C:\Windows\system32\drivers\nnxxiess.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-21 19:07 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST
2014-07-17 17:04 - 2014-07-21 15:38 - 00000000 ___RD () C:\Users\Jeff M\Dropbox
2014-07-17 17:04 - 2014-07-17 17:04 - 00001040 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk
2014-07-17 16:30 - 2014-07-17 16:30 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-17 16:18 - 2014-07-21 15:32 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox
2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe
2014-07-17 16:15 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller.exe
2014-07-14 20:39 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos
2014-07-14 19:58 - 2014-07-14 20:01 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts
2014-07-08 22:51 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 22:51 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 22:51 - 2014-06-18 18:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 22:51 - 2014-06-18 18:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 22:51 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 22:51 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:50 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 22:50 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:50 - 2014-06-18 18:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 22:50 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 22:50 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:50 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:50 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:50 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:50 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 22:50 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:50 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 22:50 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:50 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:50 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:50 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:50 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 22:49 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:49 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:49 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 22:49 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:49 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 22:49 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:49 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:49 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 22:48 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:48 - 2014-06-17 19:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:48 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:48 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:47 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 22:47 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 22:47 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\Documents\Optimizer Pro
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Optimizer Pro
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-07 21:12 - 2014-07-07 21:12 - 00001091 _____ () C:\Users\Jeff M\Desktop\Optimizer Pro.lnk
2014-07-07 21:12 - 2014-07-07 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET blank - SWEP Coaches.xls
2014-07-07 08:07 - 2014-07-07 19:46 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log
2014-07-06 15:07 - 2014-07-07 17:41 - 00070144 _____ () C:\Windows\system32\tasks.dll
2014-07-05 03:39 - 2014-07-21 17:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 03:37 - 2014-07-05 03:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 03:37 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 03:37 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 20:56 - 2014-07-08 05:11 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe
2014-07-04 17:58 - 2014-07-07 17:58 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-04 17:58 - 2014-07-05 04:43 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-04 17:58 - 2014-07-04 18:18 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-04 17:58 - 2014-07-04 18:00 - 00000320 _____ () C:\Users\Jeff M\AppData\Roaming\aps.uninstall.scan.results
2014-07-04 17:57 - 2014-07-04 17:57 - 00591320 _____ (ClickMeIn Limited) C:\Users\Jeff M\AppData\Local\nsl9197.tmp
2014-07-04 17:43 - 2014-07-07 21:10 - 00000670 __RSH () C:\ProgramData\ntuser.pol
2014-07-04 17:43 - 2014-07-04 17:47 - 00000000 ____D () C:\ProgramData\1a87371232efe5f
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000
____D () C:\Users\Administrator\AppData\Local\Comodo 2014-07-04 17:41 - 2014-07-04 17:41 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\GetPrivate 2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx64.cat 2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx.cat 2014-06-28 16:01 - 2007-02-12 09:23 - 00034304 _____ () C:\Windows\DrvTool64.exe 2014-06-28 16:01 - 2007-02-12 09:09 - 00032768 _____ () C:\Windows\DrvTool.exe 2014-06-28 16:01 - 2007-02-09 11:31 - 00000520 _____ () C:\Windows\Hardware.ID 2014-06-28 16:01 - 2006-11-28 21:46 - 00027072 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\CBPSp50.sys 2014-06-28 16:01 - 2006-11-14 01:08 - 00640000 _____ (Broadcom Corporation) C:\Windows\bcmwl664.sys 2014-06-28 16:01 - 2006-11-14 01:08 - 00534016 _____ (Broadcom Corporation) C:\Windows\bcmwl6.sys ==================== One Month Modified Files and Folders ======= 2014-07-21 19:08 - 2010-01-31 20:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-21 19:07 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST 2014-07-21 19:02 - 2014-05-18 12:30 - 02659095 _____ () C:\Users\Jeff M\Desktop\A - Jeff's Balance Sheet 5-2-12.xlsx 2014-07-21 18:32 - 2010-05-21 19:14 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Deployment 2014-07-21 18:24 - 2013-11-02 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-21 17:08 - 2010-01-31 20:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-21 17:03 - 2014-07-05 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-21 16:54 - 2013-12-25 23:25 - 00000000 ____D () C:\Users\Jeff M\Desktop\IT Resources 2014-07-21 15:43 - 2010-01-25 20:15 - 02096380 _____ () C:\Windows\WindowsUpdate.log 2014-07-21 15:41 - 2014-07-14 20:39 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos 2014-07-21 15:40 - 2009-07-13 23:34 - 00027424 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-21 15:40 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-21 15:38 - 2014-07-17 17:04 - 00000000 ___RD () C:\Users\Jeff M\Dropbox 2014-07-21 15:32 - 2014-07-17 16:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox 2014-07-21 15:31 - 2013-12-26 00:50 - 00009576 _____ () C:\Windows\setupact.log 2014-07-21 15:31 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-17 19:57 - 2013-12-26 00:49 - 00110722 _____ () C:\Windows\PFRO.log 2014-07-17 17:04 - 2014-07-17 17:04 - 00001040 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk 2014-07-17 17:04 - 2010-01-25 18:16 - 00000000 ____D () C:\Users\Jeff M 2014-07-17 16:30 - 2014-07-17 16:30 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe 2014-07-17 16:16 - 2014-07-17 16:15 - 00323632 _____ (Dropbox, Inc.) 
C:\Users\Jeff M\Downloads\DropboxInstaller.exe 2014-07-15 18:12 - 2010-01-25 18:17 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-14 20:01 - 2014-07-14 19:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts 2014-07-12 14:19 - 2014-06-05 08:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\Yamaha Virago XV535 2014-07-09 16:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache 2014-07-09 15:15 - 2009-07-13 23:53 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-09 04:01 - 2009-07-13 23:33 - 00347272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 03:53 - 2014-05-11 09:12 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 03:53 - 2009-07-14 02:50 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 03:37 - 2010-03-31 15:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-09 03:20 - 2013-08-13 23:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 03:05 - 2010-01-25 18:54 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 06:09 - 2012-01-04 23:08 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\uTorrent 2014-07-08 05:11 - 2014-07-04 20:56 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe 2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data 2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\Documents\Optimizer Pro 2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Optimizer Pro 2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-07 21:12 - 2014-07-07 21:12 - 00001091 _____ () C:\Users\Jeff M\Desktop\Optimizer Pro.lnk 2014-07-07 21:12 - 2014-07-07 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 2014-07-07 21:10 - 2014-07-04 17:43 - 00000670 __RSH () C:\ProgramData\ntuser.pol 2014-07-07 19:46 - 2014-07-07 08:07 - 00000003 _____ () C:\Users\Jeff 
M\AppData\Local\proxy.log 2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET blank - SWEP Coaches.xls 2014-07-07 17:58 - 2014-07-04 17:58 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-07-07 17:41 - 2014-07-06 15:07 - 00070144 _____ () C:\Windows\system32\tasks.dll 2014-07-05 13:09 - 2013-06-29 15:52 - 00000000 ____D () C:\Users\Jeff M\Downloads\Brian Keane 2014-07-05 04:43 - 2014-07-04 17:58 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-05 03:38 - 2014-07-05 03:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-05 03:38 - 2010-05-19 21:57 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Malwarebytes 2014-07-05 03:37 - 2010-05-19 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 20:24 - 2013-03-17 15:17 - 00000000 ____D () C:\Users\Jeff M\Downloads\Playlists 2014-07-04 18:18 - 2014-07-04 17:58 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-07-04 18:00 - 2014-07-04 17:58 - 00000320 _____ () C:\Users\Jeff M\AppData\Roaming\aps.uninstall.scan.results 2014-07-04 17:58 - 2013-11-02 14:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-04 17:58 - 2013-11-02 14:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-04 17:57 - 2014-07-04 17:57 - 00591320 _____ (ClickMeIn Limited) C:\Users\Jeff M\AppData\Local\nsl9197.tmp 2014-07-04 17:47 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\1a87371232efe5f 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Torch 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Chromatic Browser 
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\ProgramData\EnergoTech 2014-07-04 17:43 - 2010-01-31 20:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Google 2014-07-04 17:43 - 2010-01-28 13:38 - 00000000 ____D () C:\Program Files\Google 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-07-04 17:42 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-04 17:41 - 2014-07-04 17:41 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\GetPrivate 2014-07-01 19:38 - 2013-08-18 15:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\New folder 2014-07-01 19:38 - 
2011-11-03 12:49 - 00000000 ___RD () C:\Users\Jeff M\Desktop\Facebook Images 2014-07-01 19:29 - 2014-04-20 01:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\Desktop Background 2014-07-01 19:18 - 2014-01-01 16:36 - 00000000 ____D () C:\Users\Jeff M\Desktop\Main Profile Pics of Jeff 2 2014-06-29 20:40 - 2014-07-08 22:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 20:36 - 2014-07-08 22:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-28 16:01 - 2010-01-25 23:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-06-27 08:16 - 2014-06-15 07:28 - 00000000 ____D () C:\Users\Jeff M\Desktop\Paraquad SWEP Payroll 2014-06-22 10:08 - 2012-04-29 12:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Jeff M\AppData\Local\Temp\511ntjpd.3us.exe C:\Users\Jeff M\AppData\Local\Temp\BlockAndSurf_2222-5180.exe C:\Users\Jeff M\AppData\Local\Temp\dcklglrk.wp2.exe C:\Users\Jeff M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtnxu2.dll C:\Users\Jeff M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprinwuk.dll C:\Users\Jeff M\AppData\Local\Temp\optprosetup.exe C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\Jeff M\AppData\Local\Temp\weeu2zxo.ph5.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally 
signed LastRegBack: 2014-07-19 16:09 ==================== End Of Log ============================
  13. Hello, Could use some help getting the source of the PUP.Optional variations (Registry Key) fully removed. I've scanned my computer every day for the last 4 days, and I keep deleting variations of a Registry Key virus. Day 1 the scan found this: PUP.Optional.A [Registry Key] (I quarantined it). Day 2: Registry Key with similar name. Day 3: Registry Key with similar name. Day 4 (7/21/2014 - today it found 2): PUP.Optional.WeCare [Registry Key] (quarantined it) & PUP.Optional.WeCare [Registry Key] with diff Location (I quarantined it too). I appreciate help with any assistance or steps I can take to remove whatever virus/program it is that's regenerating these in my system. From other posts I've read I understand this may be a multiple step process.... and I'm good at following directions. JM