
Variations of PUP.Optional.... (Reg Key) keep re-appearing.



Hello, could use some help getting the source of the PUP.Optional variations (Registry Key) fully removed.

 

I've scanned my computer every day for the last 4 days, and I keep deleting variations of a Registry Key virus.

 

Day 1 the scan found this: PUP.Optional.A  [Registry Key] (I quarantined it).
Day 2: Registry Key with similar name
Day 3: Registry Key with similar name

Day 4: (7/21/2014 - Today it found 2):
    PUP.Optional.WeCare [Registry Key] (quarantined it).
    & PUP.Optional.WeCare [Registry Key] with diff Location (I quarantined it too)

 

I appreciate help with any assistance or steps I can take to remove whatever virus/program it is that's regenerating these in my system. From other posts I've read I understand this may be a multiple step process.... and I'm good at following directions :)

 

JM


Here are my 2 Log Files in separate posts.....First Post: FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by Jeff M (administrator) on JEFFM-PC on 21-07-2014 19:07:38
Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(BitDefender S.R.L.) C:\Program Files\Common Files\Security Shield\Security Shield Update Service\livesrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Google Inc.) C:\Program Files\Google\Gmail Notifier\gnotify.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft Location Finder\LocationFinder.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Amazon Digital Services, LLC.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Dropbox, Inc.) C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sun Microsystems, Inc.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [Microsoft Location Finder] => C:\Program Files\Microsoft Location Finder\LocationFinder.exe [101080 2005-08-24] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe [851120 2014-06-29] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2CF55B3E47CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {AE85DC6D-FC01-4080-8123-95D0F04BA205} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp2tst&p={searchTerms}
SearchScopes: HKCU - {AE85DC6D-FC01-4080-8123-95D0F04BA205} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp2tst&p={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\Extensions\staged [2014-07-04]
FF Extension: Copy Plain Text 2 - C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\Extensions\copyplaintext@teo.pl.xpi [2013-09-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-26]
CHR Extension: (Google Drive) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-26]
CHR Extension: (YouTube) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-26]
CHR Extension: (Google Search) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-26]
CHR Extension: (Google Wallet) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR Extension: (CostMin) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon [2014-07-04]
CHR Extension: (Gmail) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-26]
CHR Extension: (CostMin) - C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon\2.0 [2014-07-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [751464 2010-03-27] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-06-15] (Acronis)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 LIVESRV; C:\Program Files\Common Files\Security Shield\Security Shield Update Service\livesrv.exe [325120 2011-05-03] (BitDefender S.R.L.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S2 VSSERV; C:\Program Files\Security Shield\Security Shield 2010\vsserv.exe [1595016 2009-09-23] (PCSecurityShield)
R2 WlanWpsSvc; C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro\OptProCrash.dll",ServiceMain
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

S3 BDSelfPr; C:\Program Files\Security Shield\Security Shield 2010\bdselfpr.sys [8832 2009-01-12] (BitDefender S.R.L.) [File not signed]
R2 BDVEDISK; C:\Program Files\Security Shield\Security Shield 2010\bdvedisk.sys [82696 2009-04-01] (BitDefender S.R.L.)
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-13] (Microsoft Corporation)
S3 CBPSp50; C:\Windows\System32\Drivers\CBPSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2010-07-07] (Prolific Technology Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-06-15] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-22] (Microsoft Corporation)
S3 WPC600N; C:\Windows\System32\DRIVERS\WPC600N.sys [691192 2007-06-21] (Broadcom Corporation)
S3 BDFM; system32\DRIVERS\bdfm.sys [X]
S0 bdfsfltr; system32\DRIVERS\bdfsfltr.sys [X]
S1 hajusami; \??\C:\Windows\system32\drivers\hajusami.sys [X]
S1 hikuyayh; \??\C:\Windows\system32\drivers\hikuyayh.sys [X]
S1 lopsghoc; \??\C:\Windows\system32\drivers\lopsghoc.sys [X]
S1 nnxxiess; \??\C:\Windows\system32\drivers\nnxxiess.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 19:07 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST
2014-07-17 17:04 - 2014-07-21 15:38 - 00000000 ___RD () C:\Users\Jeff M\Dropbox
2014-07-17 17:04 - 2014-07-17 17:04 - 00001040 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk
2014-07-17 16:30 - 2014-07-17 16:30 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-17 16:18 - 2014-07-21 15:32 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox
2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe
2014-07-17 16:15 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller.exe
2014-07-14 20:39 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos
2014-07-14 19:58 - 2014-07-14 20:01 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts
2014-07-08 22:51 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 22:51 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 22:51 - 2014-06-18 18:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 22:51 - 2014-06-18 18:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 22:51 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 22:51 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:50 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 22:50 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:50 - 2014-06-18 18:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 22:50 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 22:50 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:50 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:50 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:50 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:50 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 22:50 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:50 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 22:50 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:50 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:50 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:50 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:50 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 22:49 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:49 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:49 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 22:49 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:49 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 22:49 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:49 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:49 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 22:48 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:48 - 2014-06-17 19:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:48 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:48 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:47 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 22:47 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 22:47 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\Documents\Optimizer Pro
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Optimizer Pro
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-07 21:12 - 2014-07-07 21:12 - 00001091 _____ () C:\Users\Jeff M\Desktop\Optimizer Pro.lnk
2014-07-07 21:12 - 2014-07-07 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET  blank - SWEP Coaches.xls
2014-07-07 08:07 - 2014-07-07 19:46 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log
2014-07-06 15:07 - 2014-07-07 17:41 - 00070144 _____ () C:\Windows\system32\tasks.dll
2014-07-05 03:39 - 2014-07-21 17:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 03:37 - 2014-07-05 03:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 03:37 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 03:37 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 20:56 - 2014-07-08 05:11 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe
2014-07-04 17:58 - 2014-07-07 17:58 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-04 17:58 - 2014-07-05 04:43 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-04 17:58 - 2014-07-04 18:18 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-04 17:58 - 2014-07-04 18:00 - 00000320 _____ () C:\Users\Jeff M\AppData\Roaming\aps.uninstall.scan.results
2014-07-04 17:57 - 2014-07-04 17:57 - 00591320 _____ (ClickMeIn Limited) C:\Users\Jeff M\AppData\Local\nsl9197.tmp
2014-07-04 17:43 - 2014-07-07 21:10 - 00000670 __RSH () C:\ProgramData\ntuser.pol
2014-07-04 17:43 - 2014-07-04 17:47 - 00000000 ____D () C:\ProgramData\1a87371232efe5f
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-04 17:41 - 2014-07-04 17:41 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\GetPrivate
2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx64.cat
2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx.cat
2014-06-28 16:01 - 2007-02-12 09:23 - 00034304 _____ () C:\Windows\DrvTool64.exe
2014-06-28 16:01 - 2007-02-12 09:09 - 00032768 _____ () C:\Windows\DrvTool.exe
2014-06-28 16:01 - 2007-02-09 11:31 - 00000520 _____ () C:\Windows\Hardware.ID
2014-06-28 16:01 - 2006-11-28 21:46 - 00027072 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\CBPSp50.sys
2014-06-28 16:01 - 2006-11-14 01:08 - 00640000 _____ (Broadcom Corporation) C:\Windows\bcmwl664.sys
2014-06-28 16:01 - 2006-11-14 01:08 - 00534016 _____ (Broadcom Corporation) C:\Windows\bcmwl6.sys

==================== One Month Modified Files and Folders =======

2014-07-21 19:08 - 2010-01-31 20:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 19:07 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST
2014-07-21 19:02 - 2014-05-18 12:30 - 02659095 _____ () C:\Users\Jeff M\Desktop\A - Jeff's Balance Sheet 5-2-12.xlsx
2014-07-21 18:32 - 2010-05-21 19:14 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Deployment
2014-07-21 18:24 - 2013-11-02 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 17:08 - 2010-01-31 20:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 17:03 - 2014-07-05 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 16:54 - 2013-12-25 23:25 - 00000000 ____D () C:\Users\Jeff M\Desktop\IT Resources
2014-07-21 15:43 - 2010-01-25 20:15 - 02096380 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 15:41 - 2014-07-14 20:39 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos
2014-07-21 15:40 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 15:40 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 15:38 - 2014-07-17 17:04 - 00000000 ___RD () C:\Users\Jeff M\Dropbox
2014-07-21 15:32 - 2014-07-17 16:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox
2014-07-21 15:31 - 2013-12-26 00:50 - 00009576 _____ () C:\Windows\setupact.log
2014-07-21 15:31 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 19:57 - 2013-12-26 00:49 - 00110722 _____ () C:\Windows\PFRO.log
2014-07-17 17:04 - 2014-07-17 17:04 - 00001040 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk
2014-07-17 17:04 - 2010-01-25 18:16 - 00000000 ____D () C:\Users\Jeff M
2014-07-17 16:30 - 2014-07-17 16:30 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe
2014-07-17 16:16 - 2014-07-17 16:15 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller.exe
2014-07-15 18:12 - 2010-01-25 18:17 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 20:01 - 2014-07-14 19:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts
2014-07-12 14:19 - 2014-06-05 08:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\Yamaha Virago XV535
2014-07-09 16:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-07-09 15:15 - 2009-07-13 23:53 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-09 04:01 - 2009-07-13 23:33 - 00347272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:53 - 2014-05-11 09:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:53 - 2009-07-14 02:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:37 - 2010-03-31 15:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:20 - 2013-08-13 23:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:05 - 2010-01-25 18:54 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 06:09 - 2012-01-04 23:08 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\uTorrent
2014-07-08 05:11 - 2014-07-04 20:56 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe
2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\Documents\Optimizer Pro
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Optimizer Pro
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-07 21:12 - 2014-07-07 21:12 - 00001091 _____ () C:\Users\Jeff M\Desktop\Optimizer Pro.lnk
2014-07-07 21:12 - 2014-07-07 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-07-07 21:10 - 2014-07-04 17:43 - 00000670 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 19:46 - 2014-07-07 08:07 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log
2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET  blank - SWEP Coaches.xls
2014-07-07 17:58 - 2014-07-04 17:58 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-07 17:41 - 2014-07-06 15:07 - 00070144 _____ () C:\Windows\system32\tasks.dll
2014-07-05 13:09 - 2013-06-29 15:52 - 00000000 ____D () C:\Users\Jeff M\Downloads\Brian Keane
2014-07-05 04:43 - 2014-07-04 17:58 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 03:38 - 2014-07-05 03:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 03:38 - 2010-05-19 21:57 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Malwarebytes
2014-07-05 03:37 - 2010-05-19 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 20:24 - 2013-03-17 15:17 - 00000000 ____D () C:\Users\Jeff M\Downloads\Playlists
2014-07-04 18:18 - 2014-07-04 17:58 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-04 18:00 - 2014-07-04 17:58 - 00000320 _____ () C:\Users\Jeff M\AppData\Roaming\aps.uninstall.scan.results
2014-07-04 17:58 - 2013-11-02 14:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-04 17:58 - 2013-11-02 14:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-04 17:57 - 2014-07-04 17:57 - 00591320 _____ (ClickMeIn Limited) C:\Users\Jeff M\AppData\Local\nsl9197.tmp
2014-07-04 17:47 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\1a87371232efe5f
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-04 17:43 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-04 17:43 - 2010-01-31 20:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Google
2014-07-04 17:43 - 2010-01-28 13:38 - 00000000 ____D () C:\Program Files\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-04 17:42 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-04 17:41 - 2014-07-04 17:41 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\GetPrivate
2014-07-01 19:38 - 2013-08-18 15:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\New folder
2014-07-01 19:38 - 2011-11-03 12:49 - 00000000 ___RD () C:\Users\Jeff M\Desktop\Facebook Images
2014-07-01 19:29 - 2014-04-20 01:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\Desktop Background
2014-07-01 19:18 - 2014-01-01 16:36 - 00000000 ____D () C:\Users\Jeff M\Desktop\Main Profile Pics of Jeff 2
2014-06-29 20:40 - 2014-07-08 22:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 20:36 - 2014-07-08 22:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 16:01 - 2010-01-25 23:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-27 08:16 - 2014-06-15 07:28 - 00000000 ____D () C:\Users\Jeff M\Desktop\Paraquad SWEP Payroll
2014-06-22 10:08 - 2012-04-29 12:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Jeff M\AppData\Local\Temp\511ntjpd.3us.exe
C:\Users\Jeff M\AppData\Local\Temp\BlockAndSurf_2222-5180.exe
C:\Users\Jeff M\AppData\Local\Temp\dcklglrk.wp2.exe
C:\Users\Jeff M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtnxu2.dll
C:\Users\Jeff M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprinwuk.dll
C:\Users\Jeff M\AppData\Local\Temp\optprosetup.exe
C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Jeff M\AppData\Local\Temp\weeu2zxo.ph5.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 16:09

==================== End Of Log ============================


... and the log of the Addition.txt....

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by Jeff M at 2014-07-21 19:10:56
Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Security Shield Antivirus (Disabled - Up to date) {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
AS: Security Shield Antispyware (Disabled - Up to date) {E2E91927-8716-B753-4821-EE56F7041945}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Security Shield Firewall (Disabled) {61B379E6-EB43-B985-59CE-7C1172501483}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - )
32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
470_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
470_Readme (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acronis True Image Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.1.21.1 (HKLM\...\{A6558E2A-FAF9-4570-AA49-6328D0354517}) (Version: 4.1.21.1 - We-Care.com)
AVS Image Converter 1.1.3.71 (HKLM\...\AVS Image Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BBSAK (HKLM\...\{E8289E29-F9E1-4F3F-B50E-461529A6DCA7}) (Version: 1.7 - JMT Labs Inc.)
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
BlackBerry App World Browser Plugin (HKLM\...\{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}) (Version: 3.0.1.2 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{B2F3FB19-D848-479C-818E-130ABC9366DB}) (Version: 5.0.1.65 - Research In Motion Ltd)
BPDSoftware (Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.12.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version:  - D-Link)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.2 - Dropbox, Inc.)
EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
Epub2Pdf version 1.40.5 (HKLM\...\{A49328DE-FAB8-41B9-9377-AA65FDE8283C}_is1) (Version: 1.40.5 - Epubor)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
Free Video to MP3 Converter version 4.2.20.421 (HKLM\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gmail Notifier (HKLM\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
H470 (Version: 130.0.000.000 - Hewlett-Packard) Hidden
HandBrake 0.9.9 (HKLM\...\HandBrake) (Version: 0.9.9 - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Linksys Dual Band Wireless-N Notebook Adapter (HKLM\...\{8465C2C2-E744-4895-8A83-1E93B070738B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
Linksys Wireless-N Notebook Adapter Driver -  WPC300N (HKLM\...\{02AC211F-0026-4D6D-A5D8-429F94C86181}) (Version: 1.10.0416 - Linksys, A Division of Cisco Systems, Inc.)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack) <==== ATTENTION
MessageViewer Pro 3.1.11 (HKCU\...\MessageViewer Pro) (Version: 3.1.11 - Encryptomatic, LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Location Finder (HKLM\...\{9D18F7F8-B984-4249-8512-CC621BC59F12}) (Version: 1.2.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Network (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.12561 - NVIDIA Corporation) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PhotoStitch (Version: 3.1.16 - Canon) Hidden
Plus Pack for Acronis True Image Home 2010 (HKLM\...\{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}) (Version: 13.0.7046 - Acronis)
ProductContext (Version: 130.0.000.000 - Hewlett-Packard) Hidden
Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Revo Uninstaller 1.87 (HKLM\...\Revo Uninstaller) (Version: 1.87 - VS Revo Group)
Scansoft PDF Professional (Version:  - ) Hidden
SecondLifeViewer2 (remove only) (HKLM\...\SecondLifeViewer2) (Version:  - )
Secure Download Manager (HKLM\...\{718B4606-2FEF-411B-B96E-4FC53B91EBC0}) (Version: 3.1.01 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

27-06-2014 14:52:21 Scheduled Checkpoint
28-06-2014 21:00:54 Installed Linksys Wireless-N Notebook Adapter Driver -  WPC300N
28-06-2014 21:24:51 Windows Update
01-07-2014 21:45:47 Windows Update
04-07-2014 23:01:23 Removed Adobe Flash Player 11 ActiveX.
04-07-2014 23:02:13 Windows Update
09-07-2014 08:01:41 Windows Update
12-07-2014 15:09:06 Windows Update
15-07-2014 22:14:43 Windows Update
17-07-2014 23:02:11 Removed Microsoft Access database engine 2010 (English)
19-07-2014 01:10:13 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2014-07-07 21:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {036AFE72-38E7-423C-958C-0BA6F92EFF43} - System32\Tasks\{624015A0-6064-4478-BE78-16D97630780E} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {11091284-5321-4C1C-B882-5E645A04A8A9} - System32\Tasks\{A979F251-9955-4A69-9C95-FB746D514E2D} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {13148F73-4D89-47C1-AC33-47B9E20021DA} - System32\Tasks\{EB2FDF4E-C7A5-4E82-9B15-527B131052AF} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {18ED7E63-C4CB-470F-9A02-914E1EE86EFB} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {198D2B6A-A19C-4893-8712-1EB184F7E0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {1BC7E7C2-6B54-46E8-BB47-D995CB951551} - System32\Tasks\Updater21804.exe => C:\Users\Jeff
Task: {24554F0B-BA6C-46BE-9592-09AE4C1644C5} - System32\Tasks\{1F91C1DD-F862-4E3A-9612-60789B4AD8A9} => C:\Program Files\TouchpadPal\TouchpadPal.exe
Task: {2D434D09-CB97-4245-B5E2-DDBB586F6D54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C0A29D0-4423-44C5-85ED-DEAEDA5BA6EA} - System32\Tasks\{C81729C5-366A-4531-8E68-696BC5F1D731} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {4EEB5801-B8EC-402B-881D-AA6C9546D9A4} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {573E1049-DBDC-4DB6-95C1-089A6D511728} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {71F9E3DB-7604-45E6-915E-AA23014049ED} - System32\Tasks\{A4AA02CD-1633-4C40-BBE0-5C0AD9F705B7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {813E0829-8EC7-4A23-93F2-6B84CB3B27D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04] (Adobe Systems Incorporated)
Task: {9BBB17A7-D7BF-4AD6-9781-2491B0F75B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9D4942B6-A1DE-4F27-8C79-A03969EE990F} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {B01D6922-3804-42B2-88D2-7C91E127A3B0} - System32\Tasks\EnergoTech Update => C:\ProgramData\EnergoTech\update.exe [2014-07-04] (EnergoTech LLC)
Task: {B673599C-36EB-43D1-BA7D-3E1C4F2AF8C0} - System32\Tasks\{C72C8CCD-CE97-4A64-B922-518492161262} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {BED95BEC-7FC1-4EDC-A458-D92217C3C419} - System32\Tasks\{99F185FB-9172-4EF8-913C-6997613EC37A} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {C751F892-2400-4278-83E2-35B5B7CC011C} - System32\Tasks\GPUP => C:\Program Files\GetPrivate\gpup.exe
Task: {CAAD75CF-DDD1-4B8C-9164-322224819500} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {CB1E31CE-D6E4-45F2-A945-8CC31536B7E8} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {CD69CECC-3B14-4AD9-B496-4DF2D1200FD1} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {EDA432A6-40AA-415F-A330-FFEFEC4D065A} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {EF0542D7-ECA9-4EDA-BE14-EC3715FA75C0} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-01-15 13:45 - 2009-01-15 13:45 - 00181248 _____ () C:\Program Files\Common Files\Security Shield\Security Shield Update Service\txmlutil.dll
2009-09-13 21:08 - 2009-09-13 21:08 - 00094720 _____ () C:\Program Files\Security Shield\Security Shield 2010\framework.dll
2014-01-26 12:06 - 2013-08-29 18:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-07-21 21:24 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2010-04-22 17:35 - 2013-09-05 03:38 - 00455968 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-04-24 22:24 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-20 22:45 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-06-04 21:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2010-01-25 23:28 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-06-18 13:40 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
2014-07-21 15:32 - 2014-07-21 15:32 - 00043008 _____ () c:\users\jeffm~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtnxu2.dll
2014-07-17 16:30 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-04 23:32 - 2014-07-21 15:33 - 00046080 _____ () C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-01-04 23:32 - 2014-01-04 23:32 - 00541696 _____ () C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2014-06-18 01:23 - 2014-06-18 01:23 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-06-29 04:20 - 2014-06-29 04:20 - 17024688 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: netw5v32
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 01:57:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2014 01:56:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2014 01:54:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 03:04:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 03:03:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 03:01:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2014 04:59:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2014 04:58:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2014 04:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2014 04:00:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/21/2014 03:34:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/21/2014 03:32:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/21/2014 03:32:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bdfsfltr
PxHelp20

Error: (07/21/2014 03:32:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (07/21/2014 03:31:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Shield 2010 Virus Shield service failed to start due to the following error:
%%1053

Error: (07/21/2014 03:31:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Security Shield 2010 Virus Shield service to connect.

Error: (07/20/2014 00:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/20/2014 00:49:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/20/2014 00:49:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bdfsfltr
PxHelp20

Error: (07/20/2014 00:49:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.


Microsoft Office Sessions:
=========================
Error: (07/20/2014 01:57:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/20/2014 01:56:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/20/2014 01:54:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

Error: (07/19/2014 03:04:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/19/2014 03:03:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/19/2014 03:01:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

Error: (07/17/2014 04:59:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/17/2014 04:58:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/17/2014 04:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

Error: (07/15/2014 04:00:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe


CodeIntegrity Errors:
===================================
  Date: 2013-11-07 20:35:55.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:54.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:42.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:42.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:42.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:41.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3581.97 MB
Available physical RAM: 1847.19 MB
Total Pagefile: 7162.23 MB
Available Pagefile: 5138.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:184.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive h: (SEA_DISC) (Fixed) (Total:93.13 GB) (Free:26.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9000D87E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 93 GB) (Disk ID: CB3F6A13)
Partition 1: (Not Active) - (Size=93 GB) - (Type=OF Extended)

==================== End Of Log ============================


Please help.... I've run several MB scans in the last several days and different versions of the PUP.Optional. threat are found each time. It's bogged down my system to crawl speed and preventing me from some of my frequent internet sites.

I could really use some help!


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 0

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Optimizer Pro v3.2

    Media Player Codec Pack 4.2.4

  • Reboot your computer.

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.

    Give the program a few seconds to appear.

  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.

    CHRdefaults;FFdefaults;iedefaults;emptyclsid;autoclean;systemspecs;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Hi Jurgen,

I have removed Media Player Codec Pack 4.2.4

Security Shield Antivirus was not listed Under Control Panel---> Uninstall Programs. I was only able to find it in C: Program Files... but I wasn't able to delete in Windows Regular Mode as it was being used by another program. I DID delete the folder from C: Program Files by doing it in Safe Mode. It has been removed.

I could not find Optimizer Pro.... not in Control Panel---> Uninstall Programs, and it was not in C: Program Files. How can I find it elsewhere to remove/delete it?


Post 1 of 2.... Result Log from ADWCLEANER. (Note the log from zoek will be in post 2).

ADWCleaner Log:

# AdwCleaner v3.216 - Report created 27/07/2014 at 12:04:13
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jeff M - JEFFM-PC
# Running from : C:\Users\Jeff M\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ca82e1a5

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Plasmoo
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Jeff M\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Jeff M\AppData\Local\torch
Folder Deleted : C:\Users\Jeff M\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\Jeff M\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\Jeff M\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Jeff M\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Jeff M\AppData\Roaming\Uniblue
File Deleted : C:\Users\Jeff M\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\user.js
File Deleted : C:\Windows\Tasks\APSnotifierPP1.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP1
File Deleted : C:\Windows\Tasks\APSnotifierPP2.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP2
File Deleted : C:\Windows\Tasks\APSnotifierPP3.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP3

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD69CECC-3B14-4AD9-B496-4DF2D1200FD1}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD69CECC-3B14-4AD9-B496-4DF2D1200FD1}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDA432A6-40AA-415F-A330-FFEFEC4D065A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA432A6-40AA-415F-A330-FFEFEC4D065A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D4942B6-A1DE-4F27-8C79-A03969EE990F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D4942B6-A1DE-4F27-8C79-A03969EE990F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\prefs.js ]


[ File : C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11335 octets] - [27/07/2014 12:00:37]
AdwCleaner[s0].txt - [11474 octets] - [27/07/2014 12:04:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11535 octets] ##########


Post 2 of 2.... Result Log from ZOEK process.  (Note the log from ADWCleaner was in previous post).

 

ZOEK Log:

 

Zoek.exe v5.0.0.0 Updated 26-07-2014
Tool run by Jeff M on Sun 07/27/2014 at 12:45:13.18.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jeff M\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

7/27/2014 12:48:37 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-971228617-1270584449-2651310907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AE85DC6D-FC01-4080-8123-95D0F04BA205} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\prefs.js:

Added to C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Program Files\Yahoo! deleted
C:\found.000 deleted
C:\Users\Jeff M\AppData\Roaming\ZoomBrowser EX deleted
C:\Users\Jeff M\AppData\Roaming\bdfvconp.ini deleted
C:\Users\Jeff M\AppData\Roaming\Yahoo! deleted
C:\Users\Jeff M\AppData\Local\BIT3F81.tmp deleted
C:\Users\Jeff M\AppData\Local\nsl9197.tmp deleted
C:\Users\Jeff M\Searches deleted
C:\Users\Jeff M\AppData\LocalLow\Protect deleted
C:\Users\Jeff M\AppData\LocalLow\uTorrentBar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\system32\tasks\Updater21804.exe deleted
C:\Windows\system32\tasks\Optimizer Pro Schedule deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\REN193A.tmp deleted
C:\Windows\System32\REN193B.tmp deleted
C:\Windows\System32\REN31C.tmp deleted
C:\Windows\System32\REN31D.tmp deleted
C:\Windows\System32\shoA10F.tmp deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\extensions\staged deleted
"C:\Windows\Installer\a371b.msi" deleted
"C:\Users\Jeff M\AppData\Local\{931C6205-13FD-44D3-8D44-C25BF7FAF33F}" deleted
"C:\Users\Jeff M\AppData\Local\{EBCA8DB1-6E80-4664-960A-6FE53477942A}" deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 3582 MB
CPU Info: Intel® Core2 Duo CPU     T7300  @ 2.00GHz
CPU Speed: 1111.7 MHz
Sound Card: Speakers (High Definition Audio |
Display Adapters: NVIDIA Quadro NVS 135M  | NVIDIA Quadro NVS 135M  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter #8 | Linksys Wireless-N Notebook Adapter WPC300N | Broadcom NetXtreme 57xx Gigabit Controller
CD / DVD Drives: 1x (D: | ) D: PBDS    DVD+-RW DS-8W1P
Ports: COM5 | COM6 | COM1 | COM3 | COM10 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  298.0GB
Hard Disks - Free: C:  185.0GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 01/04/10 | DELL   - 27da0104
Time Zone: Central Standard Time
Motherboard *: Dell Inc.
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox    31.0
Internet Explorer Version: 11.0.9600.17207
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 35.0.1916.153
Adobe Reader version: 11.0.07.79
Flash Player version: 14.0.0.145

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/09/2010 10:21 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/09/2010 10:21 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592
- Undetermined - C:\Program Files\IObit Apps Toolbar\FF

ProfilePath: C:\Users\JEFFM~1\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P
- Undetermined - C:\Program Files\IObit Apps Toolbar\FF
- Copy Plain Text 2 - %ProfilePath%\extensions\copyplaintext@teo.pl.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592
4390CCD3790F8D9C427C0C29590C62D7    - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll -    Shockwave Flash
893BF7D2261C56C24F813405D9D018E0    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll -    Silverlight Plug-In
14365399E83D7BC15760E8676E890C87    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
14365399E83D7BC15760E8676E890C87    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
EEEB86077BB4682B3FCFEDA5AED3E396    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.4
ADC539F67D3198679F480974EE203678    - C:\Windows\system32\npdeployJava1.dll -    Java Deployment Toolkit 7.0.210.11
25FA8C3B9789A26CA7D61C8E9B4EA799    - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll -    RIM Handheld Application Loader
49E8B365CF3AE1156FD81EF37B3A19B8    - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll -    BlackBerry AppWorld
8DA2ED6B04EA33F2EAE8BA883F903729    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll -    Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System

Profilepath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P
14365399E83D7BC15760E8676E890C87    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
14365399E83D7BC15760E8676E890C87    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
EEEB86077BB4682B3FCFEDA5AED3E396    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.4
BADFB0DCCD9B7E9F2F6EB7954D24EED1    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.4
1153F58FACBC9731AF6CDF313F76DF29    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.4
9E4F520270BF7301CC24E8FA67791C22    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.4
E50A1DB5DE70D656287511297B42F9F2    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.4
ADC539F67D3198679F480974EE203678    - C:\Windows\system32\npdeployJava1.dll -    Java Deployment Toolkit 7.0.210.11
25FA8C3B9789A26CA7D61C8E9B4EA799    - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll -    RIM Handheld Application Loader
49E8B365CF3AE1156FD81EF37B3A19B8    - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll -    BlackBerry AppWorld
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System


==== Chrome Look ======================

CostMin - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Jeff M\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon
CostMin - Jeff M\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon

==== Chrome Fix ======================

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Jeff M\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully
C:\Users\Jeff M\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\piakfbjaamcnbfoeefpnebloboimjdon deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

==== Reset Google Chrome ======================

C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Jeff M\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2F3FB19-D848-479C-818E-130ABC9366DB} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\91BF3F2B848DC97418E831A0CB3966BD deleted successfully

==== Empty IE Cache ======================

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jeff M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jeff M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jeff M\AppData\Local\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=97 folders=39 1570784 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jeff M\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JEFFM~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 07/27/2014 at 13:54:09.32 ======================
 


Hi,

Good job!

Let's do a final check up:

Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?


Ok... before I post the logs from the final check up, several issues occurred after the processes above and are happening now.  (Remember, Optimizer Pro was still on my computer, but I couldn't find it to remove it... not in Uninstall Programs and not in C: Program Files.)

 

1)  The system processes continue to run s-l-o-w....  including displaying the letters I am typing here, opening new programs, scrolling down the page, searching for items/files.  The response time and transition times are slower than before.  Especially when using the internet.  (I use Mozilla Firefox exclusively).

 

2)  When shutting down the computer, it brings up the screen to show it can't shut down the computer because there are some programs still running.... The box that shows the programs still running is blank and empty.  It forces me to click "Force Shutdown" to shut down the computer.

 

3)  Screen Resolution has changed and it will change back.  Suddenly the logos on my desktop, and any programs I'm running are much larger (zoomed-in) than previously.  I've gone to adjust screen resolution and it is set to the largest (maximum) setting, same as before the scans/changes, but the screen is much closer and things are too big in size.  It won't become smaller again.  Has there been a change to the driver for the Nvidia video card?

 

4)  The ESET Online scanner found 4 infected files.  The REMOVE FOUND THREATS was NOT checked, so they have not been removed.

 

I'll wait to hear from you before posting the logs from the Malwarebytes, ESET, and FRST scans I did just now.

 

Thoughts?


Hi,
I need the logs to make an assessment.
 

 

The ESET Online scanner found 4 infected files.  The REMOVE FOUND THREATS was NOT checked...

 

Yes. This is right and has a simple reason: preventing damage in case of a "false positive".


Post 1 of 4:  Here are the logs in separate posts.... 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/27/2014
Scan Time: 2:39:14 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.27.08
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jeff M

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311801
Time Elapsed: 1 hr, 8 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Post 2 of 4:  Here are the logs in separate posts....

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2ec9ce67c0c97a468bd7de1e90a27002
# engine=19373
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-28 03:55:15
# local_time=2014-07-27 10:55:15 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8841793 100589319 0 0
# scanned=176814
# found=4
# cleaned=0
# scan_time=19455
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Jeff M\Desktop\America's Test Kitchen\Epub Converter Software\cbsidlm-tr1_10a-Epub2Pdf-ORG-75785873.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Jeff M\Desktop\America's Test Kitchen\Epub Converter Software\cbsidlm-tr1_10a-ePub_to_PDF_Converter-ORG-75532612.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jeff M\Desktop\IT Resources\ccsetup409.exe"
sh=DDA7A4231C56CDFC44B5273AF921188842818DF8 ft=1 fh=870e9cfa7219e619 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Jeff M\Desktop\IT Resources\defragsetup.exe"
 


Post 3 of 4:  Here are the logs in separate posts....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Jeff M (administrator) on JEFFM-PC on 28-07-2014 20:01:24
Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST\FRST-OlderVersion
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Gmail Notifier\gnotify.exe
(Nero AG) C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
() C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Location Finder\LocationFinder.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Dropbox, Inc.) C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Amazon Digital Services, LLC.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Sun Microsystems, Inc.) C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [Microsoft Location Finder] => C:\Program Files\Microsoft Location Finder\LocationFinder.exe [101080 2005-08-24] (Microsoft Corporation)
HKU\S-1-5-21-971228617-1270584449-2651310907-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2CF55B3E47CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\7a44rt4i.default-1404788888592
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Copy Plain Text 2 - C:\Users\Jeff M\AppData\Roaming\Mozilla\Firefox\Profiles\a4v4ntwv.Jeff Alternate P\Extensions\copyplaintext@teo.pl.xpi [2013-09-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [751464 2010-03-27] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-06-15] (Acronis)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S2 LIVESRV; C:\Program Files\Common Files\Security Shield\Security Shield Update Service\livesrv.exe [325120 2011-05-03] (BitDefender S.R.L.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 WlanWpsSvc; C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 VSSERV; "C:\Program Files\Security Shield\Security Shield 2010\vsserv.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-13] (Microsoft Corporation)
S3 CBPSp50; C:\Windows\System32\Drivers\CBPSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
S3 ser2plms; C:\Windows\System32\DRIVERS\ser2plms.sys [42240 2010-07-07] (Prolific Technology Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-06-15] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-22] (Microsoft Corporation)
S3 WPC600N; C:\Windows\System32\DRIVERS\WPC600N.sys [691192 2007-06-21] (Broadcom Corporation)
S3 BDFM; system32\DRIVERS\bdfm.sys [X]
S0 bdfsfltr; system32\DRIVERS\bdfsfltr.sys [X]
S3 BDSelfPr; \??\C:\Program Files\Security Shield\Security Shield 2010\bdselfpr.sys [X]
S2 BDVEDISK; \??\C:\Program Files\Security Shield\Security Shield 2010\bdvedisk.sys [X]
S1 hajusami; \??\C:\Windows\system32\drivers\hajusami.sys [X]
S1 hikuyayh; \??\C:\Windows\system32\drivers\hikuyayh.sys [X]
S1 lopsghoc; \??\C:\Windows\system32\drivers\lopsghoc.sys [X]
S1 nnxxiess; \??\C:\Windows\system32\drivers\nnxxiess.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 16:58 - 2014-07-27 16:58 - 00000000 ____D () C:\Program Files\ESET
2014-07-27 16:54 - 2014-07-27 16:54 - 02347384 _____ (ESET) C:\Users\Jeff M\Downloads\esetsmartinstaller_enu.exe
2014-07-27 15:51 - 2014-07-27 23:27 - 00000000 ____D () C:\Users\Jeff M\Desktop\P U P Removal 2014
2014-07-27 15:30 - 2014-07-27 19:17 - 00000000 ____D () C:\Users\Jeff M\Desktop\Bikini Bridge
2014-07-27 13:46 - 2014-07-27 12:44 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-27 13:28 - 2014-07-27 13:54 - 00000000 ____D () C:\zoek
2014-07-27 12:48 - 2014-07-27 13:54 - 00017979 _____ () C:\zoek-results.log
2014-07-27 12:44 - 2014-07-27 13:40 - 00000000 ____D () C:\zoek_backup
2014-07-27 12:42 - 2014-07-27 12:42 - 01287168 _____ () C:\Users\Jeff M\Desktop\zoek.exe
2014-07-27 12:09 - 2014-07-27 12:10 - 00011616 _____ () C:\Users\Jeff M\Desktop\AdwCleaner[s0].txt
2014-07-27 12:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-27 12:00 - 2014-07-27 12:04 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:57 - 2014-07-27 11:57 - 01354223 _____ () C:\Users\Jeff M\Desktop\adwcleaner_3.216.exe
2014-07-26 21:04 - 2014-07-26 21:04 - 00000274 _____ () C:\Users\Jeff M\Desktop\Content You Follow - Malwarebytes Forum.URL
2014-07-26 19:10 - 2014-07-26 19:10 - 00069628 _____ () C:\Users\Jeff M\Desktop\Fantasy Football 2014.xlsx
2014-07-23 21:30 - 2014-07-23 21:31 - 00020710 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_VCard.vcf
2014-07-23 21:29 - 2014-07-23 21:29 - 00023560 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_Outlook.csv
2014-07-22 21:06 - 2014-07-22 21:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-21 19:07 - 2014-07-28 20:01 - 00000000 ____D () C:\FRST
2014-07-17 17:04 - 2014-07-28 16:42 - 00000000 ___RD () C:\Users\Jeff M\Dropbox
2014-07-17 17:04 - 2014-07-25 09:47 - 00001020 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk
2014-07-17 16:30 - 2014-07-25 09:47 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-17 16:18 - 2014-07-28 16:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox
2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe
2014-07-17 16:15 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller.exe
2014-07-14 20:39 - 2014-07-21 15:41 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos
2014-07-14 19:58 - 2014-07-14 20:01 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts
2014-07-08 22:51 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 22:51 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 22:51 - 2014-06-18 18:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 22:51 - 2014-06-18 18:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 22:51 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 22:51 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:50 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 22:50 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:50 - 2014-06-18 18:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 22:50 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 22:50 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:50 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:50 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:50 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:50 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 22:50 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:50 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 22:50 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:50 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:50 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:50 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:50 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 22:49 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:49 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:49 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 22:49 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:49 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 22:49 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:49 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:49 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 22:48 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 22:48 - 2014-06-17 19:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:48 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:48 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 22:47 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 22:47 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 22:47 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET  blank - SWEP Coaches.xls
2014-07-07 08:07 - 2014-07-07 19:46 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log
2014-07-06 15:07 - 2014-07-07 17:41 - 00070144 _____ () C:\Windows\system32\tasks.dll
2014-07-05 03:39 - 2014-07-28 19:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 03:37 - 2014-07-05 03:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 03:37 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 03:37 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 20:56 - 2014-07-08 05:11 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe
2014-07-04 17:43 - 2014-07-07 21:10 - 00000670 __RSH () C:\ProgramData\ntuser.pol
2014-07-04 17:43 - 2014-07-04 17:47 - 00000000 ____D () C:\ProgramData\1a87371232efe5f
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx64.cat
2014-06-28 16:01 - 2007-04-02 08:27 - 00011056 _____ () C:\Windows\bcm43xx.cat
2014-06-28 16:01 - 2007-02-12 09:23 - 00034304 _____ () C:\Windows\DrvTool64.exe
2014-06-28 16:01 - 2007-02-12 09:09 - 00032768 _____ () C:\Windows\DrvTool.exe
2014-06-28 16:01 - 2007-02-09 11:31 - 00000520 _____ () C:\Windows\Hardware.ID
2014-06-28 16:01 - 2006-11-28 21:46 - 00027072 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\CBPSp50.sys
2014-06-28 16:01 - 2006-11-14 01:08 - 00640000 _____ (Broadcom Corporation) C:\Windows\bcmwl664.sys
2014-06-28 16:01 - 2006-11-14 01:08 - 00534016 _____ (Broadcom Corporation) C:\Windows\bcmwl6.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 20:01 - 2014-07-21 19:07 - 00000000 ____D () C:\FRST
2014-07-28 19:57 - 2010-01-25 18:16 - 00000000 ____D () C:\Users\Jeff M
2014-07-28 19:42 - 2010-05-21 19:14 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Deployment
2014-07-28 19:26 - 2014-07-05 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 19:24 - 2013-11-02 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 19:08 - 2010-01-31 20:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 17:08 - 2010-01-31 20:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 16:50 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 16:50 - 2009-07-13 23:34 - 00027424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 16:48 - 2010-01-25 20:15 - 01593855 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 16:42 - 2014-07-17 17:04 - 00000000 ___RD () C:\Users\Jeff M\Dropbox
2014-07-28 16:42 - 2014-07-17 16:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Dropbox
2014-07-28 16:41 - 2013-12-26 00:50 - 00010976 _____ () C:\Windows\setupact.log
2014-07-28 16:41 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 23:47 - 2010-01-25 18:17 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 23:27 - 2014-07-27 15:51 - 00000000 ____D () C:\Users\Jeff M\Desktop\P U P Removal 2014
2014-07-27 19:17 - 2014-07-27 15:30 - 00000000 ____D () C:\Users\Jeff M\Desktop\Bikini Bridge
2014-07-27 16:58 - 2014-07-27 16:58 - 00000000 ____D () C:\Program Files\ESET
2014-07-27 16:54 - 2014-07-27 16:54 - 02347384 _____ (ESET) C:\Users\Jeff M\Downloads\esetsmartinstaller_enu.exe
2014-07-27 13:54 - 2014-07-27 13:28 - 00000000 ____D () C:\zoek
2014-07-27 13:54 - 2014-07-27 12:48 - 00017979 _____ () C:\zoek-results.log
2014-07-27 13:48 - 2013-12-26 00:49 - 00112036 _____ () C:\Windows\PFRO.log
2014-07-27 13:40 - 2014-07-27 12:44 - 00000000 ____D () C:\zoek_backup
2014-07-27 12:44 - 2014-07-27 13:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-27 12:42 - 2014-07-27 12:42 - 01287168 _____ () C:\Users\Jeff M\Desktop\zoek.exe
2014-07-27 12:10 - 2014-07-27 12:09 - 00011616 _____ () C:\Users\Jeff M\Desktop\AdwCleaner[s0].txt
2014-07-27 12:04 - 2014-07-27 12:00 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:57 - 2014-07-27 11:57 - 01354223 _____ () C:\Users\Jeff M\Desktop\adwcleaner_3.216.exe
2014-07-26 21:04 - 2014-07-26 21:04 - 00000274 _____ () C:\Users\Jeff M\Desktop\Content You Follow - Malwarebytes Forum.URL
2014-07-26 19:13 - 2014-05-18 12:30 - 02664131 _____ () C:\Users\Jeff M\Desktop\A - Jeff's Balance Sheet 5-2-12.xlsx
2014-07-26 19:10 - 2014-07-26 19:10 - 00069628 _____ () C:\Users\Jeff M\Desktop\Fantasy Football 2014.xlsx
2014-07-25 09:47 - 2014-07-17 17:04 - 00001020 _____ () C:\Users\Jeff M\Desktop\Dropbox.lnk
2014-07-25 09:47 - 2014-07-17 16:30 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 18:32 - 2010-02-06 13:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 07:25 - 2010-06-04 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 07:04 - 2012-04-29 12:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 21:31 - 2014-07-23 21:30 - 00020710 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_VCard.vcf
2014-07-23 21:29 - 2014-07-23 21:29 - 00023560 _____ () C:\Users\Jeff M\Downloads\My_Contacts_for_Outlook.csv
2014-07-22 21:13 - 2014-07-22 21:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-22 20:01 - 2013-11-02 14:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-22 20:01 - 2013-11-02 14:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-21 16:54 - 2013-12-25 23:25 - 00000000 ____D () C:\Users\Jeff M\Desktop\IT Resources
2014-07-21 15:41 - 2014-07-14 20:39 - 00000000 ____D () C:\Users\Jeff M\Desktop\Family Photos
2014-07-17 16:16 - 2014-07-17 16:16 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller(1).exe
2014-07-17 16:16 - 2014-07-17 16:15 - 00323632 _____ (Dropbox, Inc.) C:\Users\Jeff M\Downloads\DropboxInstaller.exe
2014-07-14 20:01 - 2014-07-14 19:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\New Facebook Wall Posts
2014-07-12 14:19 - 2014-06-05 08:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\Yamaha Virago XV535
2014-07-09 16:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-07-09 15:15 - 2009-07-13 23:53 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-09 04:01 - 2009-07-13 23:33 - 00347272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:53 - 2014-05-11 09:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:53 - 2009-07-14 02:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:37 - 2010-03-31 15:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:20 - 2013-08-13 23:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:05 - 2010-01-25 18:54 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 05:11 - 2014-07-04 20:56 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Adobe
2014-07-07 22:08 - 2014-07-07 22:08 - 00000000 ____D () C:\Users\Jeff M\Desktop\Old Firefox Data
2014-07-07 21:18 - 2014-07-07 21:18 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-07 21:10 - 2014-07-04 17:43 - 00000670 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 19:46 - 2014-07-07 08:07 - 00000003 _____ () C:\Users\Jeff M\AppData\Local\proxy.log
2014-07-07 18:25 - 2014-07-07 18:25 - 00036864 _____ () C:\Users\Jeff M\Desktop\Paraquad - REIMBURSEMENT SHEET  blank - SWEP Coaches.xls
2014-07-07 17:41 - 2014-07-06 15:07 - 00070144 _____ () C:\Windows\system32\tasks.dll
2014-07-05 13:09 - 2013-06-29 15:52 - 00000000 ____D () C:\Users\Jeff M\Downloads\Brian Keane
2014-07-05 03:38 - 2014-07-05 03:38 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-05 03:38 - 2014-07-05 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-05 03:38 - 2014-07-05 03:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 03:38 - 2010-05-19 21:57 - 00000000 ____D () C:\Users\Jeff M\AppData\Roaming\Malwarebytes
2014-07-05 03:37 - 2010-05-19 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 20:24 - 2013-03-17 15:17 - 00000000 ____D () C:\Users\Jeff M\Downloads\Playlists
2014-07-04 17:47 - 2014-07-04 17:43 - 00000000 ____D () C:\ProgramData\1a87371232efe5f
2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-04 17:43 - 2014-07-04 17:42 - 00000000 ____D () C:\ProgramData\EnergoTech
2014-07-04 17:43 - 2010-01-31 20:18 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Google
2014-07-04 17:43 - 2010-01-28 13:38 - 00000000 ____D () C:\Program Files\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Jeff M\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Guest
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-04 17:42 - 2014-07-04 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-04 17:42 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-01 19:38 - 2013-08-18 15:40 - 00000000 ____D () C:\Users\Jeff M\Desktop\New folder
2014-07-01 19:38 - 2011-11-03 12:49 - 00000000 ___RD () C:\Users\Jeff M\Desktop\Facebook Images
2014-07-01 19:29 - 2014-04-20 01:58 - 00000000 ____D () C:\Users\Jeff M\Desktop\Desktop Background
2014-07-01 19:18 - 2014-01-01 16:36 - 00000000 ____D () C:\Users\Jeff M\Desktop\Main Profile Pics of Jeff 2
2014-06-29 20:40 - 2014-07-08 22:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 20:36 - 2014-07-08 22:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 16:01 - 2010-01-25 23:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\Jeff M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpihkj.dll
C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 17:12

==================== End Of Log ============================


Post 4 of 4:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by Jeff M at 2014-07-28 20:02:21
Running from C:\Users\Jeff M\Desktop\Virus Scan Tools and Logs\FRST\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
470_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
470_Readme (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acronis True Image Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.1.21.1 (HKLM\...\{A6558E2A-FAF9-4570-AA49-6328D0354517}) (Version: 4.1.21.1 - We-Care.com)
AVS Image Converter 1.1.3.71 (HKLM\...\AVS Image Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BBSAK (HKLM\...\{E8289E29-F9E1-4F3F-B50E-461529A6DCA7}) (Version: 1.7 - JMT Labs Inc.)
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
BlackBerry App World Browser Plugin (HKLM\...\{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}) (Version: 3.0.1.2 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BPDSoftware (Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.12.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version:  - D-Link)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
Epub2Pdf version 1.40.5 (HKLM\...\{A49328DE-FAB8-41B9-9377-AA65FDE8283C}_is1) (Version: 1.40.5 - Epubor)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free Video to MP3 Converter version 4.2.20.421 (HKLM\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gmail Notifier (HKLM\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
H470 (Version: 130.0.000.000 - Hewlett-Packard) Hidden
HandBrake 0.9.9 (HKLM\...\HandBrake) (Version: 0.9.9 - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Linksys Dual Band Wireless-N Notebook Adapter (HKLM\...\{8465C2C2-E744-4895-8A83-1E93B070738B}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
Linksys Wireless-N Notebook Adapter Driver -  WPC300N (HKLM\...\{02AC211F-0026-4D6D-A5D8-429F94C86181}) (Version: 1.10.0416 - Linksys, A Division of Cisco Systems, Inc.)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MessageViewer Pro 3.1.11 (HKCU\...\MessageViewer Pro) (Version: 3.1.11 - Encryptomatic, LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Location Finder (HKLM\...\{9D18F7F8-B984-4249-8512-CC621BC59F12}) (Version: 1.2.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Network (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.12561 - NVIDIA Corporation) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PhotoStitch (Version: 3.1.16 - Canon) Hidden
Plus Pack for Acronis True Image Home 2010 (HKLM\...\{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}) (Version: 13.0.7046 - Acronis)
ProductContext (Version: 130.0.000.000 - Hewlett-Packard) Hidden
Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Revo Uninstaller 1.87 (HKLM\...\Revo Uninstaller) (Version: 1.87 - VS Revo Group)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\JEFFM~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{CAFCE71A-72F0-41AD-A8A4-4F70CDD72381}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-971228617-1270584449-2651310907-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-07-2014 08:01:41 Windows Update
12-07-2014 15:09:06 Windows Update
15-07-2014 22:14:43 Windows Update
17-07-2014 23:02:11 Removed Microsoft Access database engine 2010 (English)
19-07-2014 01:10:13 Windows Update
23-07-2014 00:56:09 Windows Update
24-07-2014 12:23:43 Windows Update
27-07-2014 16:29:39 Removed Secure Download Manager
27-07-2014 17:48:13 zoek.exe restore point
28-07-2014 04:50:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2014-07-07 21:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {036AFE72-38E7-423C-958C-0BA6F92EFF43} - System32\Tasks\{624015A0-6064-4478-BE78-16D97630780E} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {11091284-5321-4C1C-B882-5E645A04A8A9} - System32\Tasks\{A979F251-9955-4A69-9C95-FB746D514E2D} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {13148F73-4D89-47C1-AC33-47B9E20021DA} - System32\Tasks\{EB2FDF4E-C7A5-4E82-9B15-527B131052AF} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {18ED7E63-C4CB-470F-9A02-914E1EE86EFB} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {198D2B6A-A19C-4893-8712-1EB184F7E0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {1BC7E7C2-6B54-46E8-BB47-D995CB951551} - \Updater21804.exe No Task File <==== ATTENTION
Task: {24554F0B-BA6C-46BE-9592-09AE4C1644C5} - System32\Tasks\{1F91C1DD-F862-4E3A-9612-60789B4AD8A9} => C:\Program Files\TouchpadPal\TouchpadPal.exe
Task: {2D434D09-CB97-4245-B5E2-DDBB586F6D54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C0A29D0-4423-44C5-85ED-DEAEDA5BA6EA} - System32\Tasks\{C81729C5-366A-4531-8E68-696BC5F1D731} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {4EEB5801-B8EC-402B-881D-AA6C9546D9A4} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {573E1049-DBDC-4DB6-95C1-089A6D511728} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {71F9E3DB-7604-45E6-915E-AA23014049ED} - System32\Tasks\{A4AA02CD-1633-4C40-BBE0-5C0AD9F705B7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {813E0829-8EC7-4A23-93F2-6B84CB3B27D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {9BBB17A7-D7BF-4AD6-9781-2491B0F75B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {B01D6922-3804-42B2-88D2-7C91E127A3B0} - System32\Tasks\EnergoTech Update => C:\ProgramData\EnergoTech\update.exe [2014-07-04] (EnergoTech LLC)
Task: {B673599C-36EB-43D1-BA7D-3E1C4F2AF8C0} - System32\Tasks\{C72C8CCD-CE97-4A64-B922-518492161262} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {BED95BEC-7FC1-4EDC-A458-D92217C3C419} - System32\Tasks\{99F185FB-9172-4EF8-913C-6997613EC37A} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {C751F892-2400-4278-83E2-35B5B7CC011C} - System32\Tasks\GPUP => C:\Program Files\GetPrivate\gpup.exe
Task: {CAAD75CF-DDD1-4B8C-9164-322224819500} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {CB1E31CE-D6E4-45F2-A945-8CC31536B7E8} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {EF0542D7-ECA9-4EDA-BE14-EC3715FA75C0} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-21 21:24 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2014-01-26 12:06 - 2013-08-29 18:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-04-24 22:24 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-20 22:45 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-06-04 21:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2011-06-18 13:40 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
2010-01-25 23:28 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-07-28 16:42 - 2014-07-28 16:42 - 00043008 _____ () c:\users\jeffm~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpihkj.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Jeff M\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-04 23:32 - 2014-07-28 16:42 - 00046080 _____ () C:\Users\Jeff M\AppData\Local\Apps\2.0\RW9C72G5.VK3\0C0ATDG0.MHV\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-07-27 13:56 - 2014-07-27 13:56 - 00541696 _____ () C:\Users\Jeff M\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: BDVEDISK
Description: BDVEDISK
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BDVEDISK
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: netw5v32
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 05:16:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 05:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 05:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/27/2014 05:37:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 05:37:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 05:36:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/28/2014 04:44:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/28/2014 04:42:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/28/2014 04:42:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bdfsfltr
PxHelp20

Error: (07/28/2014 04:41:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDVEDISK service failed to start due to the following error:
%%3

Error: (07/28/2014 04:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Shield 2010 Virus Shield service failed to start due to the following error:
%%2

Error: (07/27/2014 11:41:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/27/2014 11:39:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/27/2014 11:39:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bdfsfltr
PxHelp20

Error: (07/27/2014 11:39:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDVEDISK service failed to start due to the following error:
%%3

Error: (07/27/2014 11:38:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Shield 2010 Virus Shield service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (07/28/2014 05:16:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/28/2014 05:16:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/28/2014 05:16:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/27/2014 11:47:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/27/2014 09:56:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (07/27/2014 05:37:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (07/27/2014 05:37:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (07/27/2014 05:36:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe


CodeIntegrity Errors:
===================================
  Date: 2013-11-07 20:35:55.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:55.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 20:35:54.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:42.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:42.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:42.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 19:56:41.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech\SetPoint\lgscroll.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3581.97 MB
Available physical RAM: 2045.04 MB
Total Pagefile: 7162.23 MB
Available Pagefile: 5404.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:184.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Seagate Expansion 1TB) (Fixed) (Total:931.51 GB) (Free:764.39 GB) NTFS
Drive f: () (Removable) (Total:1.88 GB) (Free:0.85 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9000D87E)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 472BDCBC)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================


Hi,
this is looking good. No active malware or adware has been found. Can you please tell me which problems still persist now? Please post up screenshots.

28-07-2014 04:50:09 Windows Update

Can you please post up the description of this update?

 


Ok, it is getting really bad.  I fixed the screen resolution issue by changing the user settings for the video card.  But here are the issues that seem to be worse since the "fix process".

 

The CPU is constantly running at 100%.

 

My GUESS is that there is a Rootkit issue, or a SVChost.exe problem happening.

 

Attached are some screen shots of my task manager processes.  I'm concerned about the ones called RasMan, TapiSRV, and W32Time..... among several others.  Pics to follow in other posts.


Hi,

 


My GUESS is that there is a Rootkit issue, or a SVChost.exe problem happening.

 

the rootkit scan was enabled...nothing found...

Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

unfortunately I can't find your attachments?

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Archived

This topic is now archived and is closed to further replies.
