Bikiniland Removal. Please Help!

Hello and welcome

If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also in a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
Please do the following scan (install the program if you need to):

Download Malwarebytes' Anti-Malware and save it to your Desktop.

If you already have Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.

Start Malwarebytes' Anti-Malware.
  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

Hi dbreeze

Thank you for responding so quickly!

I ran Malwarebytes anti-malware, but didn't check the box to include "scan for rootkits". You did say to read your instructions carefully ... sorry, I hope that doesn't cause any complications. I've included the log for your review and am in the process of re-running the program and will post the new log when completed.

I ran the Farbar Recovery Scan Tool BEFORE I ran the Malwarebytes anti-malware. Would you like to see the logs from that scan or the logs post-scan?

Thanks again for your help!

Paul

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/21/2015
Scan Time: 6:30:04 AM
Logfile: Malwarebytes.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.02.21.03
Rootkit Database: v2015.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul Rubenstein

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437597
Time Elapsed: 12 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.OptimizerPro, C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe, 1364, , [26f1f82959313204d9dc170d5ba726da]

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64, , [b265fa271c6efa3ccf89bdfa0ff4fd03],
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, , [fb1c78a9cfbb38fef02347dbea1bd828],
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, , [1dfa101151393ff7987bba68798cd22e],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4ef60154}, , [27f067ba6723b18506701d9fe1221ce4],
PUP.Optional.FollowRules.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Follow Rules, , [be5931f05b2ffc3a07ee98ffba49f20e],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Binkiland Browser, , [52c562bfd6b453e3a771d15159ac04fc],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, , [02153ae75c2ebb7b987cee34f21327d9],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [6daa70b14e3cf04661d31ec2f11215eb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [59be7ca52763e74fbc5aa353fa0a46ba],

Registry Values: 3
PUP.Optional.Binkiland, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Binkiland, , [f81f73aeb7d373c39b8054cea65fb14f]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, , [59be7ca52763e74fbc5aa353fa0a46ba]
PUP.Optional.Binkiland, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Binkiland, , [9582f1303258be7872aaca584fb6d729]

Registry Data: 8
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20150220-170-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20150220-170-ff-sm),,[2ceb6db4afdb191dd7515f6b768ff10f]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20150220-170-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20150220-170-ie-sm),,[a572958c02880b2b5dcc18b25da8649c]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20150220-170-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20150220-170-ff-sm),,[ca4d49d8b6d41125d85023a7b352c739]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20150220-170-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20150220-170-ie-sm),,[21f6e140880289adaa7f1fab17eee31d]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20150220-170-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20150220-170-ie),,[bd5afd2404863df9190706c451b46d93]
PUP.Optional.SafeSear.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear.ch/?type=20150220-170-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20150220-170-ie),,[56c1f1308703d26445e5843bdd28ee12]
PUP.Optional.Safesear.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20150220-170-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20150220-170-ie),,[051259c8b1d95bdb948d4684897c8977]
PUP.Optional.Safesear.A, HKU\S-1-5-21-1621979730-2415421749-3395902806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}),,[7b9c26fb4842e74f48dfc505fc0957a9]

Folders: 3
PUP.Optional.FollowRules.A, C:\Users\Paul Rubenstein\AppData\Local\Temp\Follow Rules, , [48cf68b9503ab086e45e1c75b0532cd4],
PUP.Optional.Binkiland.A, C:\Users\Paul Rubenstein\AppData\Roaming\Binkiland, , [ae6969b8078326105d76f1a08b78e21e],
PUP.Optional.Binkiland.A, C:\Users\Paul Rubenstein\AppData\Roaming\Binkiland\UpdateProc, , [ae6969b8078326105d76f1a08b78e21e],

Files: 13
PUP.Optional.OptimizerPro, C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe, , [26f1f82959313204d9dc170d5ba726da],
PUP.Optional.Conduit.A, C:\Users\Paul Rubenstein\AppData\Local\Temp\sp-downloader.exe, , [ce49a97814769b9b8c78c28325dc28d8],
PUP.Optional.IBryte, C:\Users\Paul Rubenstein\AppData\Local\Temp\椴ç?¶å??佦ã?汧Q&cancè??å?½æ?à ?Ä?.exe(ï¿?OLè?¨ç?¼æ?, , [9681021f0a80e056768bac4440c1fd03],
PUP.Optional.OutBrowse, C:\Users\Paul Rubenstein\Downloads\Installation.exe, , [c94e34ed4f3b0333fc535ea406fdcb35],
PUP.Optional.OptimunInstaller, C:\Users\Paul Rubenstein\Downloads\fl_setup.exe, , [f91e0e13701a4aece23144066a9637c9],
PUP.Optional.NSManager.A, C:\Users\Paul Rubenstein\AppData\Local\NSManager\manager.exe, , [918639e8890168cef093009c09fa926e],
PUP.Optional.AZLyrics.A, C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, , [df38ec352664290d736a851b02010cf4],
PUP.Optional.AZLyrics.A, C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [2fe83ce5acde9b9bad30cad6669df808],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64.sys, , [b265fa271c6efa3ccf89bdfa0ff4fd03],
PUP.Optional.Binkiland.A, C:\Users\Paul Rubenstein\AppData\Roaming\Binkiland\UpdateProc\info.dat, , [ae6969b8078326105d76f1a08b78e21e],
PUP.Optional.Conduit, C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "suggest_url": "http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",), ,[a17658c9e5a59d99e74b49bc35d129d7]
PUP.Optional.Binkiland.A, C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage":"http://binkiland.com/?f=1&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=",), ,[33e4b26f1377ab8b2b1f20e84cbaa15f]
PUP.Optional.Binkiland.A, C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls":["http://binkiland.com/?f=7&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=]), ,[ab6c64bd503a1b1b4c0016f2a4626a96]

Physical Sectors: 0
(No malicious items detected)

(end)


dbreeze

Here is the Malwarebytes log after I ran the program

Thanks again

Paul

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/21/2015
Scan Time: 7:00:54 AM
Logfile: Malwarebyte II.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.04
Rootkit Database: v2015.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul Rubenstein

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 648636
Time Elapsed: 2 hr, 12 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


dbreeze

I ran the Farbar Recovery Scan Tool AFTER running the Malwarebytes anti-malware tool. Here are the FRST and Addition txt files. I have the originals if you would like to see those.

Thanks!

Paul

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Paul Rubenstein (administrator) on PAULRUBENSTEIN on 21-02-2015 09:52:46
Running from C:\Users\Paul Rubenstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH5V81E6
Loaded Profiles: Paul Rubenstein (Available profiles: Paul Rubenstein & UpdatusUser & Mom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google Inc.) C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Paul Rubenstein\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-10-11] (Memeo Inc.)
HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [Google Update] => C:\Users\Paul Rubenstein\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-25] (Google Inc.)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [skyDrive] => C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [MusicManager] => C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\MountPoints2: {353f17ed-65a6-11e2-b919-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Paul Rubenstein\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe (No File)
Startup: C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1621979730-2415421749-3395902806-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1621979730-2415421749-3395902806-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6282496\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-24]
CHR Extension: (Google Drive) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-24]
CHR Extension: (Google Search) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-24]
CHR Extension: (Skype Click to Call) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-24]
CHR HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - No Path
CHR HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - No Path
CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.EOHSYXVV2RL72HLTRBPSA3CKUU - C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [463912 2010-08-18] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 09:47 - 2015-02-21 09:47 - 00001080 _____ () C:\Users\Paul Rubenstein\Desktop\Malwarebyte II.txt
2015-02-21 06:45 - 2015-02-21 06:45 - 00009144 _____ () C:\Users\Paul Rubenstein\Desktop\Malwarebytes.txt
2015-02-21 06:29 - 2015-02-21 07:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 06:29 - 2015-02-21 06:29 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 06:29 - 2015-02-21 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 06:29 - 2015-02-21 06:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 06:29 - 2015-02-21 06:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-21 06:29 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 06:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 06:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-20 18:47 - 2015-02-20 18:47 - 00056160 _____ () C:\Users\Paul Rubenstein\Desktop\FRST old.txt
2015-02-20 18:46 - 2015-02-20 18:46 - 00034051 _____ () C:\Users\Paul Rubenstein\Desktop\Addition old.txt
2015-02-20 18:39 - 2015-02-21 09:52 - 00000000 ____D () C:\FRST
2015-02-20 16:47 - 2015-02-20 16:47 - 00000000 ____D () C:\ProgramData\11d596f600007253
2015-02-20 16:19 - 2015-02-20 16:19 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\Optimizer Pro
2015-02-20 16:17 - 2015-02-20 16:17 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Roaming\java
2015-02-20 16:15 - 2015-02-20 16:15 - 00000000 ____D () C:\Users\Paul Rubenstein\Downloads\runtime
2015-02-20 16:14 - 2015-02-20 16:17 - 00000000 ____D () C:\Users\Paul Rubenstein\Downloads\game
2015-02-20 16:13 - 2015-02-21 06:46 - 00000000 ____D () C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}
2015-02-20 16:13 - 2015-02-20 16:17 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\427305614
2015-02-20 16:13 - 2015-02-20 16:13 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\IsolatedStorage
2015-02-20 16:12 - 2015-02-20 16:12 - 01294088 _____ (Mojang) C:\Users\Paul Rubenstein\Downloads\Minecraft.exe
2015-02-20 16:12 - 2015-02-20 16:12 - 00695616 _____ (Generic program ) C:\Users\Paul Rubenstein\Downloads\minecraftsetup.exe
2015-02-20 15:53 - 2015-02-21 06:46 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\NSManager
2015-02-20 15:53 - 2015-02-20 16:23 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Roaming\.minecraft
2015-02-20 15:53 - 2015-02-20 15:53 - 00003306 _____ () C:\Windows\System32\Tasks\NSManager_1424491899
2015-02-20 15:53 - 2015-02-20 15:53 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
2015-02-20 15:53 - 2015-02-20 15:53 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\Component
2015-02-20 15:53 - 2015-02-20 15:53 - 00000000 ____D () C:\ProgramData\Npackd
2015-02-20 15:52 - 2015-02-20 15:53 - 00000258 __RSH () C:\Users\Paul Rubenstein\ntuser.pol
2015-02-20 15:51 - 2015-02-20 15:56 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\Fast Browser
2015-02-20 15:50 - 2015-02-20 15:50 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-02-19 13:52 - 2015-02-19 13:52 - 00061062 _____ () C:\Users\Paul Rubenstein\Downloads\Property List- Tryko Partners- Cell Tower.xlsx
2015-02-13 19:10 - 2015-02-13 19:10 - 00176011 _____ () C:\Users\Paul Rubenstein\Downloads\winmail (1).dat
2015-02-13 19:08 - 2015-02-13 19:08 - 00176155 _____ () C:\Users\Paul Rubenstein\Downloads\ATA - Winfield Ave, Scranton Monopole Site.zip
2015-02-13 19:08 - 2015-02-13 19:08 - 00176035 _____ () C:\Users\Paul Rubenstein\Downloads\winmail.dat
2015-02-12 10:27 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 10:27 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 10:27 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 10:27 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:54 - 2015-02-11 18:54 - 03190892 _____ () C:\Users\Paul Rubenstein\Downloads\Attachments_2015211.zip
2015-02-11 03:10 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 03:10 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 03:10 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 03:10 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 03:10 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 03:10 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 03:10 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 03:10 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 03:10 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 03:10 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 03:10 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 03:10 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 03:10 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 03:10 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 03:10 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 03:10 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 03:09 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 03:09 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 03:09 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 03:09 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 03:09 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 03:09 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 03:09 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 03:09 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 03:09 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 03:09 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 03:09 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 03:09 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 03:09 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 03:09 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 03:09 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 03:09 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 03:09 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 03:09 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 03:09 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 03:09 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 03:09 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 03:09 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 03:09 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 03:09 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 03:09 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 03:09 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 03:09 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 03:09 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 03:09 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 03:09 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 03:09 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 03:09 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 03:09 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 03:09 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 03:09 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 03:09 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 03:09 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 03:09 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 03:09 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 03:09 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 03:09 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 03:09 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 03:09 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 03:09 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 03:09 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 03:09 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 03:09 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 03:09 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 03:09 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 03:09 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 03:09 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 03:09 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 03:09 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 03:09 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 03:09 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 03:09 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 03:09 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 03:09 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 03:09 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 03:09 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 03:09 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 03:09 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 03:09 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 03:09 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 03:09 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 03:09 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 03:09 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 03:09 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 03:09 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 03:09 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 03:09 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 03:09 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 03:09 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 03:09 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 03:09 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 03:09 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 03:09 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 03:09 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 03:08 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 03:08 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 03:08 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 03:08 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 03:08 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 03:08 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 03:08 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 03:08 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 03:08 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 03:08 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 03:08 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 03:08 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 03:08 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 03:08 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 03:07 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-09 16:06 - 2015-02-09 16:06 - 00009468 _____ () C:\Users\Paul Rubenstein\Downloads\AIR_4_DEN_PIT.ics
2015-02-09 16:00 - 2015-02-09 16:00 - 00011376 _____ () C:\Users\Paul Rubenstein\Downloads\AIR_1_PIT_IAH (3).ics
2015-02-09 15:59 - 2015-02-09 15:59 - 00011376 _____ () C:\Users\Paul Rubenstein\Downloads\AIR_1_PIT_IAH (2).ics
2015-02-09 15:55 - 2015-02-09 15:55 - 00011376 _____ () C:\Users\Paul Rubenstein\Downloads\AIR_1_PIT_IAH (1).ics
2015-02-09 15:47 - 2015-02-09 15:47 - 00011376 _____ () C:\Users\Paul Rubenstein\Downloads\AIR_1_PIT_IAH.ics
2015-02-08 17:50 - 2015-02-08 17:51 - 43860658 _____ () C:\Users\Paul Rubenstein\Desktop\Gran and Bup 50th.mp4
2015-02-08 17:48 - 2015-02-08 17:48 - 58559425 _____ () C:\Users\Paul Rubenstein\Desktop\2014 Year in Review Video.mp4
2015-02-06 18:01 - 2015-02-06 18:01 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-06 14:58 - 2015-02-06 15:08 - 00000000 ____D () C:\Users\Paul Rubenstein\Desktop\SILKYPIX_DS
2015-02-05 05:16 - 2015-02-05 05:16 - 00031549 _____ () C:\Users\Paul Rubenstein\Downloads\Matthew Smith.vcf
2015-01-25 20:43 - 2015-01-25 20:43 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\Broker Summit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 09:52 - 2013-01-24 21:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 09:27 - 2013-01-23 14:23 - 01655294 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 09:17 - 2013-12-25 11:50 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000UA.job
2015-02-21 09:01 - 2013-01-24 11:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 07:04 - 2009-07-14 00:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 06:59 - 2014-12-20 06:28 - 00005038 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PaulRubenstein-Paul Rubenstein PaulRubenstein
2015-02-21 06:54 - 2009-07-13 23:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 06:54 - 2009-07-13 23:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 06:49 - 2014-12-01 19:23 - 00000000 ___RD () C:\Users\Paul Rubenstein\iCloudDrive
2015-02-21 06:49 - 2014-04-09 08:10 - 00000000 ___RD () C:\Users\Paul Rubenstein\OneDrive
2015-02-21 06:48 - 2013-01-24 21:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 06:47 - 2013-01-23 15:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-21 06:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 06:47 - 2009-07-13 23:51 - 00071834 _____ () C:\Windows\setupact.log
2015-02-21 06:46 - 2013-01-24 12:00 - 00904640 _____ () C:\Windows\PFRO.log
2015-02-21 06:12 - 2013-01-24 08:47 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{987FC150-9CC3-4EBA-A13D-4D28FD8F24F0}
2015-02-20 20:17 - 2013-12-25 11:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000Core.job
2015-02-20 17:10 - 2014-05-11 12:51 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Roaming\Skype
2015-02-20 16:15 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-02-20 15:53 - 2013-01-23 14:23 - 00000000 ____D () C:\Users\Paul Rubenstein
2015-02-20 15:50 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-20 15:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-02-19 05:50 - 2014-06-08 09:20 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 05:50 - 2014-06-08 09:20 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 05:49 - 2014-06-08 09:20 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 05:49 - 2014-06-08 09:20 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-19 05:49 - 2014-06-08 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 05:49 - 2014-06-08 09:20 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-18 18:15 - 2013-08-22 07:28 - 00028160 _____ () C:\Users\Paul Rubenstein\Documents\POKER NIGHT GROUP.xls
2015-02-18 12:18 - 2014-02-01 22:21 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\Outlook Files
2015-02-18 12:18 - 2013-01-24 09:15 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\ATA - LLC
2015-02-18 10:21 - 2014-12-01 19:23 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\F57ACA57-5C69-4856-9E58-6E05DBBFFCBB.aplzod
2015-02-17 21:15 - 2013-01-24 09:14 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\NLC Corp
2015-02-13 13:20 - 2015-01-02 09:50 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\IRS 2013
2015-02-13 09:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 08:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 05:47 - 2009-07-13 23:45 - 00446256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 05:45 - 2014-12-10 18:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 05:45 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 05:39 - 2013-01-24 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 05:36 - 2013-01-24 11:47 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 05:36 - 2013-01-24 11:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-12 05:36 - 2013-01-24 11:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 05:36 - 2013-01-24 11:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 05:35 - 2013-08-02 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 05:21 - 2013-01-24 12:21 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 17:51 - 2014-10-15 16:15 - 00094720 ___SH () C:\Users\Paul Rubenstein\Downloads\Thumbs.db
2015-02-08 10:24 - 2014-08-20 17:36 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\Ella Homework
2015-02-06 22:47 - 2013-01-24 21:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 22:47 - 2013-01-24 21:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 18:01 - 2013-01-24 11:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 18:01 - 2013-01-24 11:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 18:01 - 2013-01-24 11:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 06:25 - 2013-06-23 09:51 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\McMahon Financial
2015-02-04 20:12 - 2013-12-25 11:50 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000UA
2015-02-04 20:12 - 2013-12-25 11:50 - 00003542 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000Core
2015-02-02 12:20 - 2013-01-24 09:15 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\Resume

==================== Files in the root of some directories =======

2013-03-14 05:50 - 2013-03-14 05:50 - 0000103 _____ () C:\Users\Paul Rubenstein\AppData\Local\fusioncache.dat

Some content of TEMP:
====================
C:\Users\Mom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\lkp6vnwf.dll
C:\Users\Paul Rubenstein\AppData\Local\Temp\optprosetup.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\ose00000.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\sumvynpc.dll
C:\Users\Paul Rubenstein\AppData\Local\Temp\uozqqyso.dll
C:\Users\Paul Rubenstein\AppData\Local\Temp\wp-adinject-adk.211.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\{DE246EA4-F566-40F6-8B1C-F344C7B7D88E}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 09:33

==================== End Of Log ============================

Addition TXT Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Paul Rubenstein at 2015-02-21 09:53:33
Running from C:\Users\Paul Rubenstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH5V81E6
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon SELPHY ES30 (HKLM\...\Canon SELPHY ES30) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.26.6 - Dell)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7955 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\MusicManager) (Version:  - Google, Inc.)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
QuickBooks Pro 2007 (HKLM-x32\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version:  - )
QuickBooks Product Listing Service (HKLM-x32\...\{55584E16-4D70-44EE-93DD-F144E8B7D4B7}) (Version: 2.0.126 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SILKYPIX Developer Studio 3.0 LE (HKLM-x32\...\InstallShield_{7F3487F5-E4FA-4A28-8196-6C9F785BC638}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 LE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

16-02-2015 09:02:31 Windows Update
19-02-2015 05:48:42 Garmin Express
19-02-2015 05:50:42 Garmin Express
19-02-2015 16:49:26 Windows Update
20-02-2015 15:52:59 Installed NpackdCL
20-02-2015 16:44:13 Removed NpackdCL

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A5E946C-4CBC-414C-AF0A-12166E1330B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {15DDE349-8F0E-4C7E-8263-2C5A4C8E7598} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {33FB2FC1-27FA-45B7-B6AF-CF1457B0C3C0} - System32\Tasks\Component System\Component => C:\Users\Paul Rubenstein\AppData\Local\Component\com.exe [2015-02-20] ()
Task: {57C3785C-6A37-4CF7-A09A-6B5E50692254} - System32\Tasks\NSManager_1424491899 => C:\Users\Paul Rubenstein\AppData\Local\NSManager\manager.exe
Task: {606CE7E8-0086-4BC2-B3E7-A41F0C9E6E16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {62A4072E-997A-4FCB-AB0F-4B316A262034} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {934D0440-4DCF-4C2D-938E-F55719246BA6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000Core => C:\Users\Paul Rubenstein\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {94BE0A59-2BD8-462A-A7B4-FB7B2F97175A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E2A7839-8737-459A-965F-34B6627D382F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PaulRubenstein-Paul Rubenstein PaulRubenstein => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-20] (Microsoft Corporation)
Task: {A25076E8-D1F7-46A4-8EE1-FB3CB0908ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000UA => C:\Users\Paul Rubenstein\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {B28C0C30-9AAD-46C6-A3E9-A20C680824D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24] (Google Inc.)
Task: {C3CF8EB8-9151-480D-9D9B-8453B4AD8BAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {CFDD4B77-4747-47F4-98E5-ED151D51A458} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000Core.job => C:\Users\Paul Rubenstein\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621979730-2415421749-3395902806-1000UA.job => C:\Users\Paul Rubenstein\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-24 09:00 - 2012-10-02 14:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-20 06:23 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-20 06:26 - 2014-12-20 06:26 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-01-23 14:55 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-24 09:11 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-03-14 09:47 - 2013-03-14 09:47 - 15500800 _____ () C:\Users\Paul Rubenstein\AppData\Local\Autobahn\nexdef.exe
2012-10-11 18:24 - 2012-10-11 18:24 - 00325504 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-23 14:42 - 2010-02-17 12:20 - 00065576 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\MBMDebug.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-25 04:05 - 2014-09-25 04:05 - 00081056 _____ () C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 10683392 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 07741952 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 02248192 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 01681408 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00117248 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00231936 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00253440 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00344064 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 00026624 _____ () C:\Users\Paul Rubenstein\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00020480 _____ () C:\Users\Paul Rubenstein\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00069632 _____ () C:\Users\Paul Rubenstein\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00126976 _____ () C:\Users\Paul Rubenstein\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 09:47 - 2013-03-14 09:47 - 00159744 _____ () C:\Users\Paul Rubenstein\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2014-12-20 06:23 - 2014-12-20 06:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-10-15 00:41 - 2012-10-15 00:41 - 00108960 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2012-10-15 00:46 - 2012-10-15 00:46 - 00031648 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2012-10-01 13:18 - 2012-10-01 13:18 - 00015360 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
2012-10-01 13:18 - 2012-10-01 13:18 - 00014848 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
2012-10-11 18:24 - 2012-10-11 18:24 - 02897280 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2012-10-11 18:24 - 2012-10-11 18:24 - 00028032 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 17:59 - 2010-03-22 17:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-03-22 17:57 - 2010-03-22 17:57 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-20 06:24 - 2014-12-20 06:26 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2010-04-20 12:22 - 2010-04-20 12:22 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2010-04-20 12:22 - 2010-04-20 12:22 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2014-10-17 02:49 - 2014-10-17 02:49 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2013-01-24 08:51 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1621979730-2415421749-3395902806-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1621979730-2415421749-3395902806-1006 - Limited - Enabled)
Guest (S-1-5-21-1621979730-2415421749-3395902806-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1621979730-2415421749-3395902806-1004 - Limited - Enabled)
Mom (S-1-5-21-1621979730-2415421749-3395902806-1002 - Administrator - Enabled) => C:\Users\Mom
Paul Rubenstein (S-1-5-21-1621979730-2415421749-3395902806-1000 - Administrator - Enabled) => C:\Users\Paul Rubenstein
UpdatusUser (S-1-5-21-1621979730-2415421749-3395902806-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 09:27:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (02/21/2015 06:48:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/21/2015 06:48:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 05:44:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 05:44:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/20/2015 04:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51714

Error: (02/20/2015 04:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51714

Error: (02/20/2015 04:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 04:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

Error: (02/20/2015 04:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2075

System errors:
=============
Error: (02/21/2015 06:49:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/21/2015 06:49:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/20/2015 05:46:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/20/2015 05:46:37 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/20/2015 05:44:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Follow Rules service failed to start due to the following error:
%%2

Error: (02/20/2015 04:48:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Follow Rules service failed to start due to the following error:
%%2

Error: (02/20/2015 04:48:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Follow Rules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/20/2015 04:48:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util Follow Rules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/20/2015 00:56:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (02/19/2015 05:49:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Core Update Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (02/21/2015 09:27:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (02/21/2015 06:48:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\MFC80.DLL

Error: (02/21/2015 06:48:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\MFC80.DLL

Error: (02/20/2015 05:44:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\MFC80.DLL

Error: (02/20/2015 05:44:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\MFC80.DLL

Error: (02/20/2015 04:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51714

Error: (02/20/2015 04:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51714

Error: (02/20/2015 04:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 04:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

Error: (02/20/2015 04:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2075

==================== Memory info ===========================

Processor: Intel® Core i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 6058.17 MB
Available physical RAM: 3406.57 MB
Total Pagefile: 12114.53 MB
Available Pagefile: 9265.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:282.92 GB) NTFS
Drive e: () (Removable) (Total:7.39 GB) (Free:6.49 GB) FAT32
Drive f: () (Removable) (Total:0.48 GB) (Free:0.28 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96604B7E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 488.7 MB) (Disk ID: B4A48AAF)
Partition 1: (Not Active) - (Size=488 MB) - (Type=06)

==================== End Of Log ============================


Sorry about missing your posts; somehow I overlooked the "Follow this topic" selection and missed the notifications.
 
I have looked at the logs and it seems that MBAM worked very well (not really a surprise there). Let's get some of the other outstanding errors off your system:
 
First, please move FRST64.exe to your desktop. To do so, navigate to the following location (in Windows File Explorer) [ C:\Users\Paul Rubenstein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH5V81E6 ], right click on FRST64.exe, select CUT, go to your desktop, click on an empty spot on it and right click, select Paste. The file FRST64.exe should now be on the desktop; don't worry, we will not leave this there when we are done.

Next, download and run the following script for FRST:

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Fixlist.txt


dbreeze

 

No worries, thank you for your response! I've followed the instructions that you outlined and posted the log.

 

Thx

 

Paul

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Paul Rubenstein at 2015-02-22 20:42:08 Run:1
Running from C:\Users\Paul Rubenstein\Desktop
Loaded Profiles: Paul Rubenstein (Available profiles: Paul Rubenstein & UpdatusUser & Mom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\RunOnce: [uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\MountPoints2: {353f17ed-65a6-11e2-b919-806e6f6e6963} - D:\autoRcd.exe
Startup: C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20150220-170-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20150220-170-ie
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear.ch/?type=20150220-170-ie
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.safesear.ch/web/?type=20150220-170-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=
SearchScopes: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20150220-170-ie-sm
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6282496\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20150220-170-ff-sm
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - No Path
CHR HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - No Path
CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - No Path
StartMenuInternet: Google Chrome.EOHSYXVV2RL72HLTRBPSA3CKUU - C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
S2 Update Follow Rules; "C:\Program Files (x86)\Follow Rules\updateFollowRules.exe" [X]
R1 {9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64; C:\Windows\System32\drivers\{9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64.sys [48784 2015-02-20] (StdLib)
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paul Rubenstein\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
2015-02-20 16:19 - 2015-02-20 16:19 - 00000000 ____D () C:\Users\Paul Rubenstein\Documents\Optimizer Pro
2015-02-20 16:15 - 2015-02-20 16:15 - 00000000 ____D () C:\Users\Paul Rubenstein\Downloads\runtime
2015-02-20 16:15 - 2015-02-20 00:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64.sys
2015-02-20 16:13 - 2015-02-20 17:45 - 00000000 ____D () C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}
2015-02-20 16:13 - 2015-02-20 16:17 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\427305614
2015-02-20 16:13 - 2015-02-20 16:13 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Roaming\Binkiland
2015-02-20 16:13 - 2015-02-20 16:13 - 00000000 ____D () C:\Users\Paul Rubenstein\AppData\Local\IsolatedStorage
C:\Users\Mom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\lkp6vnwf.dll
C:\Users\Paul Rubenstein\AppData\Local\Temp\optprosetup.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\ose00000.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\sp-downloader.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\sumvynpc.dll
C:\Users\Paul Rubenstein\AppData\Local\Temp\uozqqyso.dll
C:\Users\Paul Rubenstein\AppData\Local\Temp\wp-adinject-adk.211.exe
C:\Users\Paul Rubenstein\AppData\Local\Temp\{DE246EA4-F566-40F6-8B1C-F344C7B7D88E}-GoogleUpdateSetup.exe
C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe
C:\Program Files (x86)\Follow Rules\updateFollowRules.exe
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64 => value deleted successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Paul Rubenstein\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714 => value deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{353f17ed-65a6-11e2-b919-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{353f17ed-65a6-11e2-b919-806e6f6e6963} => Key not found.
C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk => Moved successfully.
C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{jid1-eFRcA0eiPxecTQ@jetpack} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack} => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk => Key not found.
HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk => Key not found.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji" => Key deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000\SOFTWARE\Google\Chrome\Extensions\joefoganpblmedgjeigepgjfikhhdnnj" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\joefoganpblmedgjeigepgjfikhhdnnj" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
Update Follow Rules => Service not found.
{9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64 => Service not found.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-1621979730-2415421749-3395902806-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\Users\Paul Rubenstein\Documents\Optimizer Pro => Moved successfully.
C:\Users\Paul Rubenstein\Downloads\runtime => Moved successfully.
"C:\Windows\system32\Drivers\{9ca97048-43b1-43e4-b2ce-0f8419984bcc}Gw64.sys" => File/Directory not found.
C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd} => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\427305614 => Moved successfully.
"C:\Users\Paul Rubenstein\AppData\Roaming\Binkiland" => File/Directory not found.
C:\Users\Paul Rubenstein\AppData\Local\IsolatedStorage => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\lkp6vnwf.dll => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\ose00000.exe => Moved successfully.
"C:\Users\Paul Rubenstein\AppData\Local\Temp\sp-downloader.exe" => File/Directory not found.
C:\Users\Paul Rubenstein\AppData\Local\Temp\sumvynpc.dll => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\uozqqyso.dll => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\wp-adinject-adk.211.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\{DE246EA4-F566-40F6-8B1C-F344C7B7D88E}-GoogleUpdateSetup.exe => Moved successfully.
"C:\ProgramData\{998986af-5c84-e28d-9989-986af5c81abd}\OptimizerPro.exe" => File/Directory not found.
"C:\Program Files (x86)\Follow Rules\updateFollowRules.exe" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 20:42:33 ====


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[s0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

 


Thank you debreeze!

 

I've run the ADWCleaner and have attached the log below.

 

Here is the report

 

Paul

 

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 05:56:51
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Paul Rubenstein - PAULRUBENSTEIN
# Running from : C:\Users\Paul Rubenstein\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\11d596f600007253
File Deleted : C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
File Deleted : C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
File Deleted : C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Paul Rubenstein\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v40.0.2214.115

[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=breaking+bad&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Paul Rubenstein\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_adkpub_15_08&cd=2XzuyEtN2Y1L1Qzuzz0C0AzyzztByEzz0E0ByB0F0BtAzy0AtN0D0Tzu0StCtCyEyCtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtD0C0B0C0B0E0FtGyDtCyEyDtGtB0A0FtCtGtA0F0B0DtGtA0DtC0EtCtCtA0DyDzz0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtCtAtBtB0D0AtGyEtDtCtBtGyEyCtCtAtGzzyCtBtAtG0D0ByCzy0A0E0BtB0CtD0Ezz2Q&cr=189293737&ir=

*************************

AdwCleaner[R0].txt - [4518 bytes] - [24/02/2015 05:54:41]
AdwCleaner[s0].txt - [4818 bytes] - [24/02/2015 05:56:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4877  bytes] ##########


FIRST >>>>

Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

SECOND >>>>

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton Enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)

Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.

Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-

Make sure that the option Enable detection of potentially unwanted applications is selected.

Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked

Scan archives is checked

Scan for potentially unsafe applications is checked

Enable Anti-Stealth Technology is checked

Now click on: Start


ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please. Thanks.


dbreeze

 

I've run both scans and have pasted the results from the Malwarebytes Anti-Malware scan below.  I've attached the results of the ESET online virus scanner.

 

Thank you!

 

Paul

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/24/2015
Scan Time: 3:11:34 PM
Logfile: Malwarebyte2_24_15.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.24.06
Rootkit Database: v2015.02.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul Rubenstein

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 647558
Time Elapsed: 2 hr, 10 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ESET.txt




Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
 

Also, how is everything running now?

Fixlist.txt


dbreeze

 

Everything seems to be running okay.  Were the 6 items that were identified from the ESET scan removed?

 

Thank you for your help

 

Paul

 

Below is the list from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Paul Rubenstein at 2015-02-25 11:30:36 Run:2
Running from C:\Users\Paul Rubenstein\Desktop
Loaded Profiles: Paul Rubenstein &  (Available profiles: Paul Rubenstein & UpdatusUser & Mom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Paul Rubenstein\AppData\Local\Temp\429371598.Uninstall\uninstaller.exe
C:\Users\Paul Rubenstein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1ba9addf-6369db7a
C:\Users\Paul Rubenstein\Downloads\minecraftsetup.exe
C:\Users\Paul Rubenstein\Downloads\rcp_dcomnew_sec_300.exe
EmptyTemp:
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Paul Rubenstein\AppData\Local\Temp\429371598.Uninstall\uninstaller.exe => Moved successfully.
C:\Users\Paul Rubenstein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1ba9addf-6369db7a => Moved successfully.
C:\Users\Paul Rubenstein\Downloads\minecraftsetup.exe => Moved successfully.
C:\Users\Paul Rubenstein\Downloads\rcp_dcomnew_sec_300.exe => Moved successfully.
EmptyTemp: => Removed 2.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 11:32:44 ====

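A small checker for FRST Fixlog text of the kind posted above, added here as an example (it is not part of the thread or of FRST): it separates the echoed fixlist from the result lines, classifies each result, and lists path entries that produced no result line. The result strings are the ones visible in the Fixlogs in this thread; the sample log and its paths are constructed, and matching fixlist entries to results only for plain drive-letter paths is an assumption of this sketch.

```python
import re

# Result strings that appear in the Fixlogs posted in this thread.
OUTCOMES = {
    "Moved successfully.": "removed",
    "Key deleted successfully.": "removed",
    "Value was restored successfully.": "restored",
    "File/Directory not found.": "absent",
    "Key not found.": "absent",
    "Service not found.": "absent",
}
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # plain file or folder entry

# Constructed sample log; every path below is a placeholder.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
CreateRestorePoint:
C:\Users\example\Downloads\sample-installer.exe
C:\Users\example\AppData\Roaming\SampleAdware
C:\ProgramData\SampleUpdater\update.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Users\example\Downloads\sample-installer.exe => Moved successfully.
"C:\Users\example\AppData\Roaming\SampleAdware" => File/Directory not found.
"HKLM\SOFTWARE\SampleVendor" => Key deleted successfully.
EmptyTemp: => Removed 1.0 GB temporary data.

==== End of Fixlog ====
"""


def split_log(text):
    """Split a Fixlog into (echoed fixlist lines, lines after the fixlist)."""
    fixlist, results, state = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.lower() == "start":
                state = "fixlist"
        elif state == "fixlist":
            # Fixlist entries may themselves contain " => ", so they are
            # kept apart from the result lines that follow "end".
            if line.lower() == "end":
                state = "results"
            elif line:
                fixlist.append(line)
        elif line:
            results.append(line)
    return fixlist, results


def audit(text):
    """Classify every result line and list path entries that got no result."""
    fixlist, results = split_log(text)
    report = {"removed": [], "restored": [], "absent": [],
              "other": [], "unmatched": []}
    seen = set()
    for line in results:
        target, sep, status = line.rpartition(" => ")
        if not sep:
            continue  # narrative lines such as "The system needed a reboot."
        target = target.strip().strip('"')  # FRST quotes some targets
        seen.add(target.lower())
        report[OUTCOMES.get(status.strip(), "other")].append(target)
    for entry in fixlist:
        if DRIVE_PATH.match(entry) and entry.lower() not in seen:
            report["unmatched"].append(entry)
    return report


if __name__ == "__main__":
    for outcome, targets in audit(SAMPLE_FIXLOG).items():
        for target in targets:
            print(f"{outcome:10} {target}")
```

Entries reported as absent or unmatched are the ones worth re-checking in a fresh scan log before treating the machine as clean.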

All right!! :D Your logs are clean and you're good to go now!! :lol: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked

    Also tick:

  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

Keep Windows Updated

Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated

Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantage.

Java

Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader

Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system

Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

You are now done! :D :D :D :D

Now some information on programs to help keep you safe:

Along with Malwarebytes Antimalware, use the following as a base level security:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:

Microsoft Security Essentials

Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built-in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:

Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days

Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:

How did I get infected in the first place?

and

COMPUTER SECURITY - a short guide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!


IE vs. Chrome?  Only thing I can say is that Chrome is faster than IE but, because of the popularity of Chrome, malware writers target it a lot.  Whichever one you use (or set up both to do this), change the settings to delete the Temporary files / history when you close the browser.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
