pup.Optional.SearchNet.A persists after deletion


I am running a trial version of Premium Malwarebytes. Every time I run a full scan, pup.Optional.SearchNet.A shows up, and I quarantine and then delete it. It keeps reappearing.

 

1) Is it important that I delete it, or can I just leave it in quarantine?

2) If it is important to remove it, how do I do so?

 

I have pasted FRST.txt below. I have attached Addition.txt because the post was too long.

 

Thank you, Judy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014
Ran by Judy (administrator) on JUDY-TOSHIBAP75 on 12-08-2014 09:47:51
Running from C:\Users\Judy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Automation Anywhere, Inc.) C:\Program Files (x86)\Automation Anywhere 7.0\AAAutoLoginService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Judy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Automation Anywhere, Inc.) C:\Program Files (x86)\Automation Anywhere 7.0\AutomationEventWatcher.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Judy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-14] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-06-27] (Siber Systems)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-07] (Google Inc.)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [Google Update] => C:\Users\Judy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-04] (Google Inc.)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [0458F608A1E0B32D203BA4233B467E516A7344D4._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 4\StartupManager.exe [37152 2014-04-01] (Glarysoft Ltd)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [spotify Web Helper] => C:\Users\Judy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-28] (Spotify Ltd)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-06-27] (Siber Systems)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: E - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: G - G:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: {088f4420-87f7-11e1-b966-b870f4cb12c7} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: {7241ca75-e7b0-11e1-86c5-b870f4cb12c7} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: {7241d06a-e7b0-11e1-86c5-b870f4cb12c7} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: {76f3f2b4-865e-11e1-8d18-b870f4cb12c7} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: {f0db946a-000e-11e2-9426-b870f4cb12c7} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-2542400236-3638991707-106445637-1000\...\MountPoints2: {f908d650-dc17-11e2-91bd-b870f4cb12c7} - G:\TL-Bootstrap.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Automation Anywhere Event Watcher.lnk
ShortcutTarget: Automation Anywhere Event Watcher.lnk -> C:\Program Files (x86)\Automation Anywhere 7.0\AutomationEventWatcher.exe (Automation Anywhere, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg5.mail.yahoo.com/neo/launch?rdsc=100&rand=2044245720
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\c696bz4j.default-1393803319299
FF Homepage: hxxp://www.judybsails.com/myaccount.asp
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Judy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Judy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Judy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Judy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Judy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\c696bz4j.default-1393803319299\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-08-01]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
 
Chrome: 
=======
CHR HomePage: hxxp://www-search.net/?s=E88yobryu02482,fbf8c27d-7e26-4aff-a539-3597c85c1d8a,
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Judy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Judy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Judy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Judy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]
CHR Extension: (Voice In) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkogfbjkfchelfjonefnnenhfgglpnn [2013-06-07]
CHR Extension: (Speech Recognition for Text Inputs) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\heennmclhgoopfpeahknkiammigjllce [2013-06-07]
CHR Extension: (Skype Click to Call) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-20]
CHR Extension: (Google Wallet) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR Extension: (RoboForm) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AAPIPAutologinService; C:\Program Files (x86)\Automation Anywhere 7.0\AAAutoLoginService.exe [72704 2013-08-21] (Automation Anywhere, Inc.) [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 Agent; C:\windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-01-07] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2014-01-03] (The Neat Company) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 Usbcaiost; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-03-31] (Glarysoft Ltd)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [154624 2011-08-04] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-08-09] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 09:47 - 2014-08-12 09:48 - 00040503 _____ () C:\Users\Judy\Desktop\FRST.txt
2014-08-12 09:47 - 2014-08-12 09:48 - 00000000 ____D () C:\FRST
2014-08-12 09:46 - 2014-08-12 09:47 - 02099712 _____ (Farbar) C:\Users\Judy\Desktop\FRST64.exe
2014-08-10 18:06 - 2014-08-10 18:06 - 00004489 _____ () C:\Users\Judy\Desktop\mybigcommerce-product_options_example.csv
2014-08-09 10:22 - 2014-08-09 10:25 - 00000302 _____ () C:\Users\Judy\Documents\mbam-chameleon-3.1.4.0.zip
2014-08-09 09:52 - 2014-08-12 09:44 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 07:13 - 2014-08-09 07:13 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-08 12:37 - 2014-08-08 12:37 - 06004615 _____ (Tim Kosse) C:\Users\Judy\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-08 10:12 - 2014-08-09 10:45 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-08 10:12 - 2014-08-08 10:19 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-08-08 10:12 - 2014-08-08 10:12 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Free PDF Solutions
2014-08-08 10:11 - 2014-08-09 10:45 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\systweak
2014-08-08 10:11 - 2014-08-08 10:19 - 00000000 ____D () C:\ProgramData\pastaleads
2014-08-08 10:11 - 2014-08-08 10:19 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-08-08 10:11 - 2014-08-08 10:18 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\System Speedup
2014-08-08 10:10 - 2014-08-08 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2014-08-08 10:10 - 2014-08-08 10:19 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-08-08 10:10 - 2014-08-08 10:10 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-08-08 08:59 - 2014-08-08 09:04 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-08 08:59 - 2014-08-08 09:00 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-08 08:59 - 2014-08-08 08:59 - 00000000 ____D () C:\Users\Judy\AppData\Local\globalUpdate
2014-08-08 08:57 - 2014-08-08 10:19 - 00000000 ____D () C:\Program Files (x86)\GIRDAC PDF to Word Converter
2014-08-08 08:57 - 2014-08-08 08:57 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\GIRDAC
2014-08-08 08:57 - 2014-08-08 08:57 - 00000000 ____D () C:\GIRDAC
2014-08-04 13:30 - 2014-08-04 13:31 - 00262144 _____ () C:\windows\Minidump\080414-37877-01.dmp
2014-08-04 13:30 - 2014-08-04 13:30 - 516785538 _____ () C:\windows\MEMORY.DMP
2014-08-04 13:30 - 2014-08-04 13:30 - 00000000 ____D () C:\windows\Minidump
2014-08-03 23:15 - 2014-08-03 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-03 23:15 - 2014-08-03 23:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-31 19:51 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 19:51 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 19:51 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 19:51 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 19:51 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 19:51 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 19:51 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 19:51 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 19:51 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 19:51 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 19:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 19:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 19:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 19:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-31 16:37 - 2014-07-31 16:37 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-31 16:35 - 2014-07-31 16:35 - 00244120 _____ () C:\Users\Judy\Downloads\Firefox Setup Stub 31.0.exe
2014-07-30 17:46 - 2014-07-30 17:46 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Oracle
2014-07-30 17:45 - 2014-07-30 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-30 17:45 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-30 17:45 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-30 17:45 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-30 17:45 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-30 17:44 - 2014-07-30 17:45 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 16:53 - 2014-07-28 16:53 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-07-28 16:53 - 2014-07-28 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-07-17 12:19 - 2014-07-17 12:20 - 00348160 _____ () C:\Users\Judy\Documents\Database10.accdb
2014-07-13 04:47 - 2014-08-04 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 09:48 - 2014-08-12 09:47 - 00040503 _____ () C:\Users\Judy\Desktop\FRST.txt
2014-08-12 09:48 - 2014-08-12 09:47 - 00000000 ____D () C:\FRST
2014-08-12 09:47 - 2014-08-12 09:46 - 02099712 _____ (Farbar) C:\Users\Judy\Desktop\FRST64.exe
2014-08-12 09:44 - 2014-08-09 09:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 09:43 - 2012-01-07 20:28 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Skype
2014-08-12 09:06 - 2014-01-31 12:23 - 00000556 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2542400236-3638991707-106445637-1000.job
2014-08-12 09:00 - 2012-06-29 01:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 08:59 - 2012-01-07 14:08 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 08:49 - 2014-02-08 18:21 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2542400236-3638991707-106445637-1000UA.job
2014-08-12 08:39 - 2012-01-07 13:34 - 02082450 _____ () C:\windows\WindowsUpdate.log
2014-08-12 03:59 - 2012-01-07 14:08 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 02:00 - 2014-06-28 16:49 - 00000000 ____D () C:\Users\Judy\AppData\Local\Adobe
2014-08-11 16:49 - 2014-02-08 18:21 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2542400236-3638991707-106445637-1000Core.job
2014-08-11 10:57 - 2012-01-07 19:41 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-08-10 23:40 - 2013-11-24 10:40 - 00030717 _____ () C:\windows\setupact.log
2014-08-10 23:24 - 2009-07-13 22:13 - 00787552 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-10 18:06 - 2014-08-10 18:06 - 00004489 _____ () C:\Users\Judy\Desktop\mybigcommerce-product_options_example.csv
2014-08-10 12:04 - 2012-01-14 09:16 - 00000000 ____D () C:\Users\Judy\AppData\Local\CrashDumps
2014-08-10 10:13 - 2013-12-03 18:17 - 00000132 _____ () C:\Users\Judy\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-08-09 21:18 - 2012-10-17 09:43 - 00000000 ____D () C:\Users\Judy\Documents\Snagit
2014-08-09 21:15 - 2012-01-07 20:05 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\PrimoPDF
2014-08-09 16:55 - 2009-07-13 21:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 16:55 - 2009-07-13 21:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 16:46 - 2012-01-07 15:55 - 00000000 ___RD () C:\Users\Judy\Dropbox
2014-08-09 16:45 - 2012-01-07 15:54 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Dropbox
2014-08-09 16:44 - 2013-11-24 10:06 - 00000330 _____ () C:\windows\Tasks\GlaryInitialize 4.job
2014-08-09 16:44 - 2012-11-23 21:24 - 00000000 ____D () C:\Users\Judy\AppData\Local\NETGEARGenie
2014-08-09 16:40 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-09 15:29 - 2012-07-09 20:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-09 10:47 - 2014-03-28 10:02 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-09 10:45 - 2014-08-08 10:12 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-09 10:45 - 2014-08-08 10:11 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\systweak
2014-08-09 10:25 - 2014-08-09 10:22 - 00000302 _____ () C:\Users\Judy\Documents\mbam-chameleon-3.1.4.0.zip
2014-08-09 09:54 - 2014-03-28 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-09 09:54 - 2014-03-28 10:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-09 07:13 - 2014-08-09 07:13 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-08-09 06:46 - 2012-11-23 21:24 - 00369168 _____ (CACE Technologies, Inc.) C:\windows\system32\wpcap.dll
2014-08-09 06:46 - 2012-11-23 21:24 - 00281104 _____ (CACE Technologies, Inc.) C:\windows\SysWOW64\wpcap.dll
2014-08-09 06:46 - 2012-11-23 21:24 - 00106000 _____ (CACE Technologies, Inc.) C:\windows\system32\packet.dll
2014-08-09 06:46 - 2012-11-23 21:24 - 00096784 _____ (CACE Technologies, Inc.) C:\windows\SysWOW64\packet.dll
2014-08-09 06:46 - 2012-11-23 21:24 - 00035344 _____ (CACE Technologies, Inc.) C:\windows\system32\Drivers\npf.sys
2014-08-09 06:46 - 2012-11-23 21:24 - 00002073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2014-08-08 14:43 - 2012-01-07 20:23 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\FileZilla
2014-08-08 12:37 - 2014-08-08 12:37 - 06004615 _____ (Tim Kosse) C:\Users\Judy\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-08 11:31 - 2012-02-26 18:28 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Nitro PDF
2014-08-08 10:20 - 2012-01-07 14:48 - 00000000 ____D () C:\Users\Judy
2014-08-08 10:19 - 2014-08-08 10:12 - 00000000 ____D () C:\Program Files (x86)\ASP
2014-08-08 10:19 - 2014-08-08 10:11 - 00000000 ____D () C:\ProgramData\pastaleads
2014-08-08 10:19 - 2014-08-08 10:11 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-08-08 10:19 - 2014-08-08 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2014-08-08 10:19 - 2014-08-08 10:10 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-08-08 10:19 - 2014-08-08 08:57 - 00000000 ____D () C:\Program Files (x86)\GIRDAC PDF to Word Converter
2014-08-08 10:19 - 2014-03-08 15:15 - 00000000 ____D () C:\Users\Admin
2014-08-08 10:19 - 2014-02-15 22:27 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-08 10:19 - 2012-01-07 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-08 10:18 - 2014-08-08 10:11 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\System Speedup
2014-08-08 10:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-08-08 10:12 - 2014-08-08 10:12 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Free PDF Solutions
2014-08-08 10:10 - 2014-08-08 10:10 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2014-08-08 09:04 - 2014-08-08 08:59 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-08 09:00 - 2014-08-08 08:59 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-08 08:59 - 2014-08-08 08:59 - 00000000 ____D () C:\Users\Judy\AppData\Local\globalUpdate
2014-08-08 08:57 - 2014-08-08 08:57 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\GIRDAC
2014-08-08 08:57 - 2014-08-08 08:57 - 00000000 ____D () C:\GIRDAC
2014-08-06 09:49 - 2012-01-07 19:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-05 08:20 - 2012-03-21 19:47 - 00000000 ____D () C:\Users\Judy\Documents\Outlook Files
2014-08-04 13:31 - 2014-08-04 13:30 - 00262144 _____ () C:\windows\Minidump\080414-37877-01.dmp
2014-08-04 13:30 - 2014-08-04 13:30 - 516785538 _____ () C:\windows\MEMORY.DMP
2014-08-04 13:30 - 2014-08-04 13:30 - 00000000 ____D () C:\windows\Minidump
2014-08-04 13:30 - 2014-07-13 04:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-04 13:30 - 2014-01-06 11:37 - 00210256 _____ () C:\windows\PFRO.log
2014-08-04 13:30 - 2013-03-06 15:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-03 23:15 - 2014-08-03 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-03 23:15 - 2014-08-03 23:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-31 16:37 - 2014-07-31 16:37 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-31 16:37 - 2013-03-06 15:29 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-31 16:35 - 2014-07-31 16:35 - 00244120 _____ () C:\Users\Judy\Downloads\Firefox Setup Stub 31.0.exe
2014-07-30 17:46 - 2014-07-30 17:46 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Oracle
2014-07-30 17:45 - 2014-07-30 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-30 17:45 - 2014-07-30 17:44 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-30 17:45 - 2013-10-18 19:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-30 17:45 - 2011-07-27 00:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 07:03 - 2013-03-14 03:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 07:03 - 2013-03-14 03:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 16:53 - 2014-07-28 16:53 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-07-28 16:53 - 2014-07-28 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-07-25 13:11 - 2014-01-10 20:32 - 00003991 _____ () C:\windows\LkmdfCoInst.log
2014-07-25 13:07 - 2014-01-10 20:32 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2014-07-24 03:03 - 2013-03-14 03:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 11:43 - 2012-01-07 15:54 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-18 06:53 - 2013-07-11 03:08 - 00000000 ____D () C:\windows\system32\MRT
2014-07-18 06:49 - 2012-01-07 20:44 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-17 12:20 - 2014-07-17 12:19 - 00348160 _____ () C:\Users\Judy\Documents\Database10.accdb
2014-07-15 16:22 - 2013-07-23 15:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-13 20:44 - 2014-07-11 21:44 - 00000000 ____D () C:\Users\Judy\Downloads\photos
 
Some content of TEMP:
====================
C:\Users\Judy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4twqn_.dll
C:\Users\Judy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphrjsnr.dll
C:\Users\Judy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 02:07
 
==================== End Of Log ============================

 

 

 

Addition.txt

FRST.txt


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Post the log

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    =======================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ======================

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next..................

    Next:

    Go to Tools > Clear Browser Data

    Put a check next to all of these:

    • Clear browsing history
    • Clear download history
    • Delete cookies and other site and plug-in data
    • Empty the cache
    Click "Clear Browsing Data"

    -------------------------------

    Next:

    Click the Chrome menu on the browser toolbar.

    Select Settings.

    In the "Search" section, click Manage search engines.

    Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

    Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

    -------------------------------------

    Click the Chrome menu.

    Select Settings.

    In the "On startup" section, select Open a specific page or set of pages.

    Click Set pages. (in blue to the right)

    Remove any unfamiliar pages.

    -----------------------

    Click the Chrome menu.

    Select Settings.

    In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

    If the page isn't the home page you'd like to use, click Change and select your preferred page.

    -------------------------

    Open up Chrome by clicking on the 3 bars in the upper right hand corner.

    Then in Chrome go to Settings > Under Sign In, go to Google Dashboard > Click on Settings > Click on Stop and Clear left bottom of the page.

    ===================

    Update and run a scan with Malwarebytes.

    If the same infection is detected, run another scan and see if it's clear now.

    Let me know.....MrC


I ran FRST64.exe and I have attached Fixlog.txt . 

I stopped at this point because two unexpected things happened that I want to bring to your attention:

1) I am concerned because the log reports

C:\Program Files (x86)\Automation Anywhere 7.0 =>  ":{46006900-4300-5400-6F00-4C0030006F00}" ADS removed successfully.

"Automation Anywhere 7.0" which is a very important program that I use to run my business.  It automates many of my daily business tasks.

2) There was a pop up notification saying that Google had blocked an attempt to change the search options.  I don't know exactly what it said, because it appeared only for a few seconds and I didn't copy it down.

Please advise

Fixlog.txt


1) I am concerned because the log reports

C:\Program Files (x86)\Automation Anywhere 7.0 => ":{46006900-4300-5400-6F00-4C0030006F00}" ADS removed successfully.

"Automation Anywhere 7.0" which is a very important program that I use to run my business. It automates many of my daily business tasks.


No harm was done to the program.

2) There was a pop up notification saying that Google had blocked an attempt to change the search options. I don't know exactly what it said, because it appeared only for a few seconds and I didn't copy it down.

Continue on with the fix.

MrC


So it's OK now????

If so........

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.