Thread: Barowwsoe2Save Infection

  1. #1
    Junior Member
    Join Date
    Apr 2014
    Posts
    13

    Barowwsoe2Save Infection

    Hi, thanks for your help. My computer is infected with the Barowwsoe2Save Virus.
    I don't believe that I can run ERUNT because my operating system is Windows 7.
    Also, Teatimer was turned off before I ran Spybot as Administrator.



    DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.25.2
    Run by Way at 13:28:56 on 2014-04-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.508 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
    C:\Program Files\HP webOS\PDK\tcprelay.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Way\AppData\Local\TVersity\Media Server\MediaServer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\Lexmark S410 Series\LMADGmon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\Lexmark S410 Series\LMADGmon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
    C:\Program Files\VistaSwitcher\vswitch.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\CaptureIt Plus\CaptureItPlus.exe
    C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
    C:\Users\Way\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\calc.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: RebateRobot BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} -
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [AdobeBridge] <no file>
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
    mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
    mRun: [LMADGmon] "c:\program files\lexmark s410 series\LMADGmon.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\7stick~1.lnk - c:\program files\7 sticky notes\7StickyNotes.exe
    StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\actpri~1.lnk - c:\users\way\appdata\local\programs\houdah software\actprinter win client\ACTPrinter Win.exe
    StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\way\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\quickm~1.lnk - c:\program files\quickmenu\QuickMenu.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actpri~1.lnk - c:\program files\houdah software\actprinter win client\ACTPrinter Win.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{849F4D15-2429-45CF-8BF7-002AEFD138C0} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{849F4D15-2429-45CF-8BF7-002AEFD138C0}\131364850353133323837373 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{849F4D15-2429-45CF-8BF7-002AEFD138C0}\27F6574756 : DHCPNameServer = 192.168.1.1 192.168.1.1 192.168.0.1 192.168.1.1 192.168.1.1
    TCP: Interfaces\{FA537B2D-EBA3-4F18-BD89-C96A61DB53EA} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\way\appdata\roaming\mozilla\firefox\profiles\1t8q293v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SLVTDF&PC=MSSL&q=
    FF - prefs.js: browser.search.selectedEngine - Conduit Search
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: c:\users\way\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: c:\users\way\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\way\appdata\roaming\mozilla\firefox\profiles\1t8q293v.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
    FF - plugin: c:\users\way\appdata\roaming\mozilla\firefox\profiles\1t8q293v.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll
    FF - plugin: c:\users\way\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\way\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: e:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-28 64288]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
    R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2013-1-26 401920]
    R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-7-13 44544]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104264]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-3-20 98328]
    R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-3-20 134168]
    R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-3-20 309784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-6 273960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-3-31 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-3-31 20864]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-3-31 19968]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-3-31 24960]
    S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2010-7-21 25856]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2010-3-31 25728]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-7-17 84832]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-3-20 98328]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS [2008-3-20 171032]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-3-20 171032]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-3-20 528920]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-3-20 528920]
    S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-3-20 163352]
    S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-3-20 163352]
    S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-3-20 259096]
    S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-3-20 259096]
    S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-3-20 134168]
    S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-3-20 309784]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-3-20 99352]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-3-20 99352]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-3-20 1324056]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-3-20 1324056]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS [2008-3-20 72728]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-3-20 72728]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-3-20 534040]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-3-20 534040]
    S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2011-2-11 728064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-04-23 13:00:39 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{df42f470-b1fe-439a-9a9c-71f714db35d4}\mpengine.dll
    2014-04-23 01:43:25 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-04-20 01:46:28 -------- d-----w- c:\users\way\appdata\roaming\OverDrive
    2014-04-19 14:43:05 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d79664f4-5a6b-4f6d-b6e1-1460d1c50231}\gapaengine.dll
    2014-04-18 22:48:33 -------- d-sh--w- c:\users\way\appdata\local\EmieUserList
    2014-04-18 22:48:33 -------- d-sh--w- c:\users\way\appdata\local\EmieSiteList
    2014-04-17 07:00:58 4254720 ----a-w- c:\windows\system32\jscript9.dll
    2014-04-17 03:50:28 107736 ----a-w- c:\windows\system32\drivers\48230029.sys
    2014-04-12 21:59:51 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-12 21:56:10 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-12 21:56:10 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-04-12 19:33:43 -------- d-----w- c:\program files\SearchProtect
    2014-04-12 19:30:29 -------- d-----w- c:\programdata\VisualBee
    2014-04-12 19:29:51 -------- d-----w- c:\users\way\appdata\local\emaze
    2014-04-12 19:29:43 1097384 ----a-w- c:\users\way\appdata\local\nsoE3E3.tmp
    2014-04-12 19:28:58 -------- d-----w- C:\temp
    2014-04-12 19:27:02 -------- d-----w- c:\program files\003
    2014-04-12 19:25:50 -------- d-----w- c:\program files\Optimizer Pro
    2014-04-12 18:22:20 -------- d-----w- c:\users\way\appdata\local\webinternetsecurity
    2014-04-11 00:27:01 -------- d-----w- c:\users\way\appdata\local\Adobe_Systems_Incorporate
    2014-04-09 12:23:53 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-04-09 12:23:53 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
    2014-04-09 12:23:53 2048 ----a-w- c:\windows\system32\iologmsg.dll
    2014-04-09 12:23:53 149440 ----a-w- c:\windows\system32\drivers\storport.sys
    2014-04-09 12:23:48 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-04-02 21:52:13 -------- d-----w- c:\users\way\appdata\local\ABBYY
    .
    ==================== Find3M ====================
    .
    2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-11 21:58:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-11 21:58:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
    2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
    2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
    2014-01-25 05:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-11-30 04:38:32 49940480 ----a-w- c:\program files\GUT9A67.tmp
    .
    ============= FINISH: 13:31:05.75 ===============

    aswMBR


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-04-23 13:47:46
    -----------------------------
    13:47:46.056 OS Version: Windows 6.1.7601 Service Pack 1
    13:47:46.056 Number of processors: 2 586 0x170A
    13:47:46.057 ComputerName: REBIRTH UserName: Way
    13:47:47.983 Initialize success
    13:48:12.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    13:48:12.249 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
    13:48:12.389 Disk 0 MBR read successfully
    13:48:12.391 Disk 0 MBR scan
    13:48:12.393 Disk 0 Windows 7 default MBR code
    13:48:12.396 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    13:48:12.401 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8318 MB offset 81920
    13:48:12.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50003 MB offset 17117184
    13:48:12.415 Disk 0 Partition - 00 0F Extended LBA 246882 MB offset 119523600
    13:48:12.434 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 185881 MB offset 119523663
    13:48:12.437 Disk 0 Partition - 00 05 Extended 20999 MB offset 500213697
    13:48:12.461 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 20999 MB offset 500213760
    13:48:12.465 Disk 0 Partition - 00 05 Extended 39999 MB offset 923911794
    13:48:12.484 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 39999 MB offset 543221760
    13:48:12.489 Disk 0 scanning sectors +625139712
    13:48:12.559 Disk 0 scanning C:\Windows\system32\drivers
    13:48:18.873 Service scanning
    13:48:24.919 Service MpKsla04e0c8c C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF42F470-B1FE-439A-9A9C-71F714DB35D4}\MpKsla04e0c8c.sys **LOCKED** 32
    13:48:31.327 Modules scanning
    13:48:36.191 Disk 0 trace - called modules:
    13:48:36.199
    13:48:36.204 Scan finished successfully
    13:49:02.353 Disk 0 MBR has been saved successfully to "C:\Users\Way\Desktop\SPY BOT CLEANUP\MBR.dat"
    13:49:02.359 The log file has been saved successfully to "C:\Users\Way\Desktop\SPY BOT CLEANUP\aswMBR.txt"


    Spybot SEARCH AND DESTROY LOG

    Barowwsoe2Save: [SBI $F5174E26] Program directory (Directory, nothing done)
    C:\Program Files\Optimizer Pro\


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi and welcome

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Farbar Recovery Scan Tool
    http://www.bleepingcomputer.com/down...an-tool/dl/81/
    (use correct version for your system.....Which system am I using?)
    Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/



    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Apr 2014
    Posts
    13

    Thanks Juliet!

    Here are the files:

    FRST.TXT

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014
    Ran by Way (administrator) on REBIRTH on 25-04-2014 19:10:37
    Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Palm) C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
    () C:\Program Files\HP webOS\PDK\tcprelay.exe
    (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
    () C:\Program Files\Lexmark S410 Series\LMADGmon.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (E-MU Systems) C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
    (NTWind Software) C:\Program Files\VistaSwitcher\vswitch.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (dotnetthoughts.net) C:\Program Files\CaptureIt Plus\CaptureItPlus.exe
    () C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Apple Inc.) E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    () C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
    (MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\system32\cmd.exe
    (Akamai Technologies, Inc.) C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [23552 2008-03-20] (Creative Technology Ltd)
    HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [23040 2008-03-20] (Creative Technology Ltd)
    HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [AmazonGSDownloaderTray] => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [LMADGmon] => C:\Program Files\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [VistaSwitcher] => C:\Program Files\VistaSwitcher\vswitch.exe [191440 2010-05-11] (NTWind Software)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [Google Update] => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-06] (Google Inc.)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [ModemOnHold] => C:\Program Files\Netwaiting\netWaiting.exe [25856 2008-01-16] (BVRP)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [CaptureItPlus] => C:\Program Files\CaptureIt Plus\CaptureItPlus.exe [415744 2011-09-12] (dotnetthoughts.net)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Way\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\lmab1err.exe [645296 2012-08-07] ()
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [LMADGmon] => C:\Program Files\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [433F2230225CBFC9339AC380E9991C101237BA5C._service_run] => C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [iCloudServices] => E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [ApplePhotoStreams] => E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-11] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\MountPoints2: {fa1382dc-937a-11df-a67d-d4f02c81cb91} - H:\LaunchU3.exe -a
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ACTPrinter Win.lnk
    ShortcutTarget: ACTPrinter Win.lnk -> C:\Program Files\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
    ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk
    ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files\7 Sticky Notes\7StickyNotes.exe (No File)
    Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACTPrinter Win.lnk
    ShortcutTarget: ACTPrinter Win.lnk -> C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe ()
    Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Way\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QuickMenu.lnk
    ShortcutTarget: QuickMenu.lnk -> C:\Program Files\QuickMenu\QuickMenu.exe (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7599A5713111CC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {2F3369E5-BDE0-4A5C-8BA7-6E822CA5B8FB} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
    BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: RebateRobot BHO - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default
    FF user.js: detected! => C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF Keyword.URL: user_pref("keyword.URL", "");
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll No File
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll No File
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Way\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Way\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Way\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Way\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Way\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Way\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Way\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\s-amazon-byskipity.xml
    FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml
    FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\skipity-search.xml
    FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\youtube.xml
    FF Extension: Dropdo - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\09h200hasdf@0hasdf09h.av08h2 [2011-05-23]
    FF Extension: FBSecure - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\FBSecure@liisp.edu [2011-08-28]
    FF Extension: HTTPS-Everywhere - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\https-everywhere@eff.org [2014-01-27]
    FF Extension: Pocket - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\isreaditlater@ideashower.com [2013-07-05]
    FF Extension: Master Password+ - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\masterpasswordtimeoutplus@vano [2013-03-26]
    FF Extension: Tab Kit - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\tabkit@jomel.me.uk [2010-10-22]
    FF Extension: Download Youtube Videos + - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\video.downloader.plugin@ffpimp.com [2012-03-29]
    FF Extension: VTzilla - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\vtzilla@virustotal.com [2011-07-17]
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-18]
    FF Extension: Evernote Web Clipper - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-18]
    FF Extension: QuickDrag - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2012-03-24]
    FF Extension: Uppity - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{16cbd87c-eb99-4f5c-9825-83cf13ab7ff8}.xpi [2012-01-06]
    FF Extension: NoScript - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-01-06]
    FF Extension: StumbleUpon - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012-01-11]
    FF Extension: Adblock Plus - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-05]
    FF Extension: Download Statusbar - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012-01-06]
    FF Extension: DownThemAll! - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-01-25]

    Chrome:
    =======
    CHR HomePage: hxxp://www.marthastewart.com/
    CHR StartupUrls: "hxxp://marthastewart.com/"
    CHR Plugin: (Shockwave Flash) - C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Way\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Google Update) - C:\Users\Way\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Extension: (Google Drive) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-18]
    CHR Extension: (Language Immersion for Chrome) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2012-05-24]
    CHR Extension: (Solitaire) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2012-06-28]
    CHR Extension: (Facebook Colour Changer) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam [2012-05-24]
    CHR Extension: (Ge.tt) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2012-01-08]
    CHR Extension: (Adblock Plus) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-01-11]
    CHR Extension: (__MSG_buttonTitle__) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg [2012-11-10]
    CHR Extension: (Springpad Clipper) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclcnlepmfepnccogfjdafhhlgcfdmnj [2013-06-09]
    CHR Extension: (Search All) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2014-01-14]
    CHR Extension: (Springpad) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2012-01-08]
    CHR Extension: (EasyDrop) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie [2012-05-17]
    CHR Extension: (AdBlock) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-03]
    CHR Extension: (Pin It Button) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-18]
    CHR Extension: (Caroline Gardner) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlajhhigpcohfpjjmnbifacfbdoponci [2013-09-24]
    CHR Extension: (Cloud Reader) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2012-07-18]
    CHR Extension: (Dropbox) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-05-24]
    CHR Extension: (Clearly) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2012-05-24]
    CHR Extension: (Evernote Web) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-09-15]
    CHR Extension: (Planner 5D) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-08-14]
    CHR Extension: (Ge.tt) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflehelhgpjjhfiigceaplnmgiblnclo [2013-08-19]
    CHR Extension: (Springpad Extension) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2012-01-08]
    CHR Extension: (Google Wallet) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Origami Player) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-08-27]
    CHR Extension: (Evernote Web Clipper) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-05-24]
    CHR HKLM\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx [2012-05-24]
    CHR StartMenuInternet: Google Chrome - C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
    R2 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
    R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
    R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
    R2 HPSLPSVC; C:\Users\Way\AppData\Local\Temp\7zS36DF\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
    R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-03-15] (Palm)
    R2 Palm_TCP_Relay; C:\Program Files\HP webOS\PDK\tcprelay.exe [11776 2011-10-07] ()
    R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S2 TVersityMediaServer; C:\Users\Way\AppData\Local\TVersity\Media Server\MediaServer.exe [884736 2010-07-25] ()
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 vosr; C:\Users\Way\AppData\Roaming\VOPackage\VOsrv.exe [X]

    ==================== Drivers (Whitelisted) ====================

    S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-03-31] (LG Electronics Inc.)
    S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20864 2010-03-31] (LG Electronics Inc.)
    S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [19968 2010-03-31] (LG Electronics Inc.)
    S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [24960 2010-03-31] (LG Electronics Inc.)
    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2010-07-21] (Google Inc)
    S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-03-31] (Google Inc)
    S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
    S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2008-03-20] (Creative Technology Ltd)
    R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2008-03-20] (Creative Technology Ltd)
    S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2008-03-20] (Creative Technology Ltd)
    S3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2008-03-20] (Creative Technology Ltd)
    S3 CTEAPSFX; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2008-03-20] (Creative Technology Ltd)
    S3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2008-03-20] (Creative Technology Ltd)
    S3 CTEDSPFX; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2008-03-20] (Creative Technology Ltd)
    S3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2008-03-20] (Creative Technology Ltd)
    S3 CTEDSPIO; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2008-03-20] (Creative Technology Ltd)
    R3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2008-03-20] (Creative Technology Ltd)
    S3 CTEDSPSY; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2008-03-20] (Creative Technology Ltd)
    R3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2008-03-20] (Creative Technology Ltd)
    S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2008-03-20] (Creative Technology Ltd)
    S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2008-03-20] (Creative Technology Ltd)
    S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2008-03-20] (Creative Technology Ltd)
    S3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2008-03-20] (Creative Technology Ltd)
    R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [802840 2008-03-20] (Creative Technology Ltd)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-12] (Lavasoft AB)
    S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [728064 2011-02-11] (Realtek Semiconductor Corporation )
    S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3486336 2009-08-20] ()
    R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [79408 2007-09-05] (PACE Anti-Piracy, Inc.)
    S1 MpKslbb21eba2; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74688BB0-9750-45C4-8FAF-CA49AE678B2F}\MpKslbb21eba2.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-25 19:10 - 2014-04-25 19:10 - 00000000 ____D () C:\FRST
    2014-04-24 23:20 - 2014-04-24 23:20 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13 (1).xls
    2014-04-24 23:19 - 2014-04-24 23:19 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13.xls
    2014-04-23 14:30 - 2014-04-23 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
    2014-04-23 13:31 - 2014-04-23 13:31 - 00022798 _____ () C:\Users\Way\Desktop\dds.txt
    2014-04-23 13:31 - 2014-04-23 13:31 - 00011422 _____ () C:\Users\Way\Desktop\attach.txt
    2014-04-22 20:39 - 2014-04-25 19:10 - 00000000 ____D () C:\Users\Way\Desktop\__SPY BOT CLEANUP
    2014-04-21 16:49 - 2014-04-21 16:49 - 00149840 _____ () C:\Windows\Minidump\042114-17518-01.dmp
    2014-04-21 14:52 - 2014-04-21 15:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\EmuPatchMixDSP
    2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\Documents\My Sessions
    2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
    2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
    2014-04-21 14:51 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2014-04-21 14:51 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator
    2014-04-21 14:51 - 2014-04-21 14:51 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-04-21 14:51 - 2014-04-21 14:51 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2014-04-21 14:51 - 2011-09-27 03:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
    2014-04-21 14:51 - 2010-07-29 03:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
    2014-04-21 14:51 - 2009-07-14 00:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-04-21 14:51 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\Documents\My Media
    2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\AppData\Roaming\OverDrive
    2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
    2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieUserList
    2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieSiteList
    2014-04-17 03:01 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-17 03:01 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-17 03:01 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-17 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-17 03:01 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-17 03:01 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-17 03:01 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-17 03:01 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-17 03:01 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-17 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-17 03:01 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-17 03:01 - 2014-03-06 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-17 03:01 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-17 03:01 - 2014-03-06 03:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-17 03:01 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-17 03:01 - 2014-03-06 03:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-17 03:01 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-17 03:01 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-17 03:01 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-17 03:01 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-17 03:01 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-17 03:01 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-17 03:01 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-17 03:01 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-17 03:01 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-17 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-16 23:50 - 2014-04-16 23:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-04-12 17:59 - 2014-04-22 10:09 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-12 17:56 - 2014-04-12 19:43 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-12 17:56 - 2014-04-12 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-12 17:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-12 16:13 - 2014-04-12 16:14 - 00004060 _____ () C:\Windows\wininit.ini
    2014-04-12 15:33 - 2014-04-15 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP3.job
    2014-04-12 15:33 - 2014-04-13 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP2.job
    2014-04-12 15:33 - 2014-04-12 17:24 - 00000000 ____D () C:\Program Files\SearchProtect
    2014-04-12 15:33 - 2014-04-12 15:56 - 00000368 _____ () C:\Windows\Tasks\APSnotifierPP1.job
    2014-04-12 15:33 - 2014-04-12 15:33 - 00000318 _____ () C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
    2014-04-12 15:30 - 2014-04-12 15:36 - 00000000 ____D () C:\ProgramData\VisualBee
    2014-04-12 15:29 - 2014-04-12 15:29 - 01097384 _____ (AnyProtect.com) C:\Users\Way\AppData\Local\nsoE3E3.tmp
    2014-04-12 15:29 - 2014-04-12 15:29 - 00001236 _____ () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
    2014-04-12 15:29 - 2014-04-12 15:29 - 00000000 ____D () C:\Users\Way\AppData\Local\emaze
    2014-04-12 15:28 - 2014-04-12 15:28 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    2014-04-12 15:27 - 2014-04-12 19:40 - 00000000 ____D () C:\Program Files\003
    2014-04-12 15:26 - 2014-04-12 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2014-04-12 15:25 - 2014-04-12 16:13 - 00000000 ____D () C:\Program Files\Optimizer Pro
    2014-04-12 14:22 - 2014-04-12 14:22 - 00000000 ____D () C:\Users\Way\AppData\Local\webinternetsecurity
    2014-04-10 20:27 - 2014-04-10 20:27 - 00000000 ____D () C:\Users\Way\AppData\Local\Adobe_Systems_Incorporate
    2014-04-10 20:26 - 2014-04-10 20:26 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
    2014-04-09 08:23 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-04-09 08:23 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-04-09 08:23 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-04-09 08:23 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-04-09 08:23 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-04-09 08:22 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-04 20:34 - 2014-04-04 20:34 - 00000916 _____ () C:\Users\Way\.recently-used.xbel
    2014-04-02 17:52 - 2014-04-02 17:52 - 00000000 ____D () C:\Users\Way\AppData\Local\ABBYY
    2014-03-30 12:32 - 2014-03-30 12:32 - 00000000 ____D () C:\Users\Way\Desktop\__OCR_LEXMARK

    ==================== One Month Modified Files and Folders =======

    2014-04-25 19:10 - 2014-04-25 19:10 - 00000000 ____D () C:\FRST
    2014-04-25 19:10 - 2014-04-22 20:39 - 00000000 ____D () C:\Users\Way\Desktop\__SPY BOT CLEANUP
    2014-04-25 19:02 - 2010-07-19 16:37 - 01966640 _____ () C:\Windows\WindowsUpdate.log
    2014-04-25 18:58 - 2012-04-23 11:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-25 18:55 - 2010-08-06 02:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000UA.job
    2014-04-25 18:40 - 2012-04-09 16:57 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-25 18:03 - 2012-05-11 11:19 - 00000000 ____D () C:\Users\Way\AppData\Local\Akamai
    2014-04-25 18:00 - 2010-07-22 03:59 - 00000370 _____ () C:\Windows\Tasks\At3.job
    2014-04-25 18:00 - 2010-07-22 03:59 - 00000370 _____ () C:\Windows\Tasks\At2.job
    2014-04-25 18:00 - 2010-07-22 03:59 - 00000370 _____ () C:\Windows\Tasks\At1.job
    2014-04-25 14:55 - 2010-08-06 02:50 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000Core.job
    2014-04-25 14:40 - 2012-04-09 16:57 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-25 14:07 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-25 14:07 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-25 14:02 - 2012-02-20 22:19 - 00000000 ____D () C:\Users\Way\AppData\Local\CUSTPDF Writer
    2014-04-25 14:02 - 2012-02-20 16:50 - 00000000 ____D () C:\Users\Way\Documents\ACT Printer Drop Folder
    2014-04-25 14:02 - 2010-09-30 22:13 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Dropbox
    2014-04-25 14:01 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-04-25 13:59 - 2014-01-23 18:01 - 00007472 _____ () C:\Windows\setupact.log
    2014-04-25 13:59 - 2010-07-29 02:09 - 00491452 _____ () C:\aaw7boot.log
    2014-04-25 13:59 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-24 23:23 - 2014-01-26 14:02 - 00000000 ____D () C:\Users\Way\AppData\Local\8F0F0093-273B-42BA-90EA-4B4D27092AB9.aplzod
    2014-04-24 23:20 - 2014-04-24 23:20 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13 (1).xls
    2014-04-24 23:19 - 2014-04-24 23:19 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13.xls
    2014-04-23 14:30 - 2014-04-23 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
    2014-04-23 13:31 - 2014-04-23 13:31 - 00022798 _____ () C:\Users\Way\Desktop\dds.txt
    2014-04-23 13:31 - 2014-04-23 13:31 - 00011422 _____ () C:\Users\Way\Desktop\attach.txt
    2014-04-22 19:57 - 2010-07-19 17:24 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Mozilla
    2014-04-22 11:49 - 2012-01-24 17:19 - 00000000 ____D () C:\Users\Way\.gimp-2.6
    2014-04-22 11:48 - 2012-01-13 09:39 - 00004596 _____ () C:\Users\Way\Desktop\PW (1).txt
    2014-04-22 10:09 - 2014-04-12 17:59 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-21 16:49 - 2014-04-21 16:49 - 00149840 _____ () C:\Windows\Minidump\042114-17518-01.dmp
    2014-04-21 16:49 - 2010-10-27 04:24 - 00000000 ____D () C:\Windows\Minidump
    2014-04-21 15:41 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\EmuPatchMixDSP
    2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\Documents\My Sessions
    2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
    2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
    2014-04-21 14:52 - 2014-04-21 14:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2014-04-21 14:52 - 2014-04-21 14:51 - 00000000 ____D () C:\Users\Administrator
    2014-04-21 14:52 - 2009-07-14 00:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-04-21 14:51 - 2014-04-21 14:51 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-04-21 14:51 - 2014-04-21 14:51 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\Documents\My Media
    2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\AppData\Roaming\OverDrive
    2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
    2014-04-19 21:23 - 2010-07-19 16:46 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieUserList
    2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieSiteList
    2014-04-17 09:43 - 2013-03-27 21:25 - 00000000 ____D () C:\Users\Way\Documents\My Digital Editions
    2014-04-17 09:24 - 2013-04-05 14:40 - 00000000 ____D () C:\Users\Way\Desktop\OCR
    2014-04-17 03:55 - 2013-11-13 05:02 - 00000000 ____D () C:\Windows\rescache
    2014-04-17 03:19 - 2010-07-19 16:53 - 00132048 _____ () C:\Users\Way\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-04-17 03:18 - 2014-03-06 08:53 - 00037324 _____ () C:\Windows\PFRO.log
    2014-04-17 03:18 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\SchCache
    2014-04-17 01:16 - 2009-07-13 22:37 - 00000000 _SHDC () C:\Windows\$NtUninstallKB17194$
    2014-04-16 23:50 - 2014-04-16 23:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-04-15 15:33 - 2014-04-12 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP3.job
    2014-04-15 12:50 - 2012-12-10 14:07 - 00000000 ____D () C:\Users\Way\Desktop\___GIFT SHOP SALES Forms
    2014-04-13 15:33 - 2014-04-12 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP2.job
    2014-04-12 19:43 - 2014-04-12 17:56 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-12 19:40 - 2014-04-12 15:27 - 00000000 ____D () C:\Program Files\003
    2014-04-12 19:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
    2014-04-12 18:00 - 2011-11-27 15:56 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Malwarebytes
    2014-04-12 17:56 - 2014-04-12 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-12 17:56 - 2011-11-27 15:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-12 17:49 - 2014-04-12 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2014-04-12 17:24 - 2014-04-12 15:33 - 00000000 ____D () C:\Program Files\SearchProtect
    2014-04-12 16:14 - 2014-04-12 16:13 - 00004060 _____ () C:\Windows\wininit.ini
    2014-04-12 16:13 - 2014-04-12 15:25 - 00000000 ____D () C:\Program Files\Optimizer Pro
    2014-04-12 15:56 - 2014-04-12 15:33 - 00000368 _____ () C:\Windows\Tasks\APSnotifierPP1.job
    2014-04-12 15:36 - 2014-04-12 15:30 - 00000000 ____D () C:\ProgramData\VisualBee
    2014-04-12 15:33 - 2014-04-12 15:33 - 00000318 _____ () C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
    2014-04-12 15:29 - 2014-04-12 15:29 - 01097384 _____ (AnyProtect.com) C:\Users\Way\AppData\Local\nsoE3E3.tmp
    2014-04-12 15:29 - 2014-04-12 15:29 - 00001236 _____ () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
    2014-04-12 15:29 - 2014-04-12 15:29 - 00000000 ____D () C:\Users\Way\AppData\Local\emaze
    2014-04-12 15:28 - 2014-04-12 15:28 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    2014-04-12 14:22 - 2014-04-12 14:22 - 00000000 ____D () C:\Users\Way\AppData\Local\webinternetsecurity
    2014-04-10 20:27 - 2014-04-10 20:27 - 00000000 ____D () C:\Users\Way\AppData\Local\Adobe_Systems_Incorporate
    2014-04-10 20:26 - 2014-04-10 20:26 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
    2014-04-10 20:26 - 2010-08-14 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    2014-04-09 23:20 - 2010-12-12 14:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-09 23:18 - 2013-07-14 23:46 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-09 23:16 - 2010-08-06 09:36 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-04 20:34 - 2014-04-04 20:34 - 00000916 _____ () C:\Users\Way\.recently-used.xbel
    2014-04-04 20:34 - 2012-01-24 17:23 - 00000000 ____D () C:\Users\Way\AppData\Roaming\gtk-2.0
    2014-04-04 20:34 - 2010-07-19 16:43 - 00000000 ____D () C:\Users\Way
    2014-04-03 09:51 - 2014-04-12 17:56 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2011-11-27 15:56 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 18:14 - 2013-04-05 15:16 - 00023100 _____ () C:\ProgramData\LMADGscan.log
    2014-04-02 18:14 - 2013-04-05 15:16 - 00000230 _____ () C:\Windows\system32\LexFiles.usr
    2014-04-02 17:52 - 2014-04-02 17:52 - 00000000 ____D () C:\Users\Way\AppData\Local\ABBYY
    2014-03-31 17:10 - 2012-09-06 21:04 - 00000000 ____D () C:\Users\Way\Desktop\CCCONA MAILINGS_AND BROCHURES
    2014-03-30 12:32 - 2014-03-30 12:32 - 00000000 ____D () C:\Users\Way\Desktop\__OCR_LEXMARK
    2014-03-27 23:37 - 2012-04-27 01:16 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-03-27 23:37 - 2011-12-14 09:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-03-27 23:37 - 2011-09-25 21:25 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-03-26 10:28 - 2014-01-23 14:53 - 00000000 ____D () C:\Users\Way\Desktop\___JOB SEARCH

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-19 00:25

    ==================== End Of Log ==========================

  4. #4

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2014
    Ran by Way at 2014-04-25 19:12:05
    Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
    3MCloudLibrary PC (QML) 1.33 (HKLM\...\3MCloudLibrary PC (QML)) (Version: 1.33 - 3M)
    7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
    A Flipping Good Time Version 2.1 (HKLM\...\{575EFF03-44F9-46f4-A229-F245DA972CD2}_is1) (Version: - DigiPen Institute of Technology)
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    ACID Pro 7.0 (HKLM\...\{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}) (Version: 7.0.536 - Sony)
    Act Printer (HKLM\...\Act Printer) (Version: - )
    ACTPrinter Win Client (HKLM\...\{2AC40764-904F-4138-8EA2-C1E435005A32}) (Version: 5.0 - Houdah Software)
    ACTPrinter Win Client (HKLM\...\{8D9A351E-C708-4293-B135-1C8F880278F3}) (Version: 5.1 - Houdah Software)
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
    Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
    Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
    Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
    Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
    Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Audition 3.0 (Version: 3.0 - Adobe Systems Incorporated) Hidden
    Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
    Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
    Adobe Creative Suite 5 Master Collection (HKLM\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
    Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
    Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
    Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
    Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
    Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
    Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
    Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
    Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
    Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
    Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
    Amazon MP3 Uploader (HKLM\...\com.amazon.music.uploader) (Version: 1.0.1 - Amazon Services LLC)
    Amazon MP3 Uploader (Version: 1.0.1 - Amazon Services LLC) Hidden
    Any Video Converter Professional 2.7.6 (HKLM\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Art Explosion Greeting Card Factory Express (HKLM\...\{AE15D0F7-8C2E-4419-97B4-995ED16FBB4E}) (Version: 1.04.3600 - Nova Development)
    ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
    calibre (HKLM\...\{D0940326-79BF-4D05-98CA-ED208661D34B}) (Version: 1.19.0 - Kovid Goyal)
    CaptureIt Plus version 1.0 (HKLM\...\{18F651DA-E472-441A-A7CD-88C7DFBBFFA3}_is1) (Version: 1.0 - dotnetthoughts.net)
    CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CopyFilenames 3.1 (HKLM\...\CopyFilenames_is1) (Version: 3.1 - ExtraBit Software)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
    E-muPatchMix DSP (HKLM\...\EMU PatchMix DSP) (Version: - )
    eMusic Download Manager 4.1.4 (HKLM\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
    eVoice Player 1.0 (HKLM\...\{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0}) (Version: 1.0 - j2 Global Communications)
    FileMaker Pro 11 Advanced (HKLM\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}_FileMaker) (Version: 11.0.2.0 - FileMaker, Inc.)
    FileMaker Pro 11 Advanced (Version: 11.0.2.0 - FileMaker, Inc.) Hidden
    FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
    Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
    GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
    Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
    Google Talk Plugin (HKLM\...\{6080787C-8D8A-3334-B79E-FFDC020FA0A1}) (Version: 5.3.0.18358 - Google)
    Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
    Hong Kong Mahjong 800x600 demo (HKLM\...\Hong Kong Mahjong 800x600 demo) (Version: - )
    HP webOS SDK (HKLM\...\{7BAC15E1-52CB-4529-B678-9EEDADE55E79}) (Version: 3.0.669 - HP)
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
    Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.7.2.2923 - PACE Anti-Piracy)
    Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
    Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
    Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
    Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
    Java(TM) SE Development Kit 6 Update 24 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
    Karen's Directory Printer (HKLM\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
    K-Lite Codec Pack 7.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
    Lexmark S410 Series Uninstaller (HKLM\...\Lexmark S410 Series) (Version: - Lexmark International, Inc.)
    LG United Mobile Drivers (HKLM\...\{0B03443D-8E0B-453e-8EFC-4490D0D24E6A}) (Version: 1.0 - LG Electronics)
    Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
    Magic ISO Maker v5.5 (build 0273) (HKLM\...\Magic ISO Maker v5.5 (build 0273)) (Version: - )
    MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Mavis Beacon Teaches Typing Platinum 20 (HKLM\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
    Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    mysms version 2.0.0 (HKLM\...\{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1) (Version: 2.0.0 - Up to Eleven Digital Solutions GmbH)
    Name Dropper (HKLM\...\{D2D0FBAD-1736-4B36-A46C-58EAAEDC0546}) (Version: 1.0.0 - Rapid Streams Software Factory)
    Netflix in Windows Media Center (HKLM\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
    Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
    Nora Roberts Vision in White (HKLM\...\Nora Roberts Vision in White_is1) (Version: - )
    Notepad++ (HKLM\...\Notepad++) (Version: 5.9.2 - )
    NotesHolder 2.2 (HKLM\...\NotesHolder_is1) (Version: 2.2 - A!K Research Labs)
    Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.73 - Palm, Inc.)
    OmmWriter (HKLM\...\{61356085-6C51-4DC9-99E6-33ED72304690}) (Version: 0.1.0.8 - Herraiz & Soto)
    Oracle VM VirtualBox 4.1.6 (HKLM\...\{650E4124-292E-4638-944C-99A880C9D0F0}) (Version: 4.1.6 - Oracle Corporation)
    Orbit Downloader (HKLM\...\Orbit_is1) (Version: - www.orbitdownloader.com)
    OverDrive Media Console (HKLM\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
    PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
    Sawer (HKLM\...\Sawer) (Version: - Image-Line)
    Semper Driver Backup (HKLM\...\Semper Driver Backup_is1) (Version: 4.0 - Semper Software)
    SKTools Lite (HKLM\...\SKTools Lite) (Version: - )
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.96.111090 - SugarSync, Inc.)
    Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeraCopy 2.2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.)
    TL Space Native 7.4 (HKLM\...\{A09ABB28-33D6-4662-8282-C46D480BE863}) (Version: 7.4 - Digidesign, A Division of Avid Technology, Inc.)
    Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
    TreeSize Free V2.5 (HKLM\...\TreeSize Free_is1) (Version: 2.5 - JAM Software)
    TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
    TVersity Codec Pack 1.4 (HKLM\...\TVersity Codec Pack) (Version: 1.4 - TVersity Inc.)
    TVersity Media Server 1.9.2 (HKLM\...\TVersity Media Server) (Version: 1.9.2 - TVersity)
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.54000.0 - Sonix)
    VDownloader 2.9.443 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
    VistaSwitcher (HKLM\...\VistaSwitcher) (Version: 1.1.3 - NTWind Software)
    Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    VLC (HKLM\...\{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}) (Version: 1.0.0.0 - VLC)
    VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
    Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
    Windows Media Center Add-in for Flash (HKLM\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
    Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2011-12-03 15:11 - 2014-04-21 15:12 - 00450753 ___RA C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {025BFA3D-273C-45C1-9942-1C644D96BE83} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {1DAF1A63-900B-428F-A614-240523BEC0FD} - System32\Tasks\At3 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {29C80397-D1CA-4C60-B84F-DD19B539D0D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {38799036-37F9-4DB5-84A9-82D71EDB73AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {45A1EC23-AE9E-4FC7-9486-8CC7A3CE9E8C} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
    Task: {6090CAD5-694A-4CF7-8850-7FD18F422566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000Core => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
    Task: {612B2E03-7EBA-4F91-AD34-16526525F6A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {74D200E7-26FE-4F42-B0E2-0908FC1DBE25} - System32\Tasks\{1C9F9671-7CE0-41F7-BFC1-EC14D37C4235} => C:\Program Files\REALTEK\11n USB Wireless LAN Utility\ReStart.exe [2009-04-20] (Realtek)
    Task: {7D62CFAC-A5DE-44EC-8B3C-3CC35D91E9C3} - System32\Tasks\{410425B6-70EB-455F-BE5F-32FCCAB52D02} => C:\Program Files\Skype\Phone\Skype.exe
    Task: {7DED9114-7E8C-4CA9-9D35-F76E1A95DF5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {82BA4169-32AE-4090-BD2D-403CBDFB31D8} - System32\Tasks\AdobeAAMUpdater-1.0-Rebirth-Way => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {95151BDB-61A3-4E7E-9D49-88B5C3B5A548} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: {9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {9F233CA0-F7A2-4EFD-89C7-022F9B2D2968} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {B28DEA05-56E4-4183-831F-51B896E4FD4B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {C64EB799-E245-4893-BD1A-39C5392C21DD} - System32\Tasks\Amazon Music Helper => C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-06-21] ()
    Task: {CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} - System32\Tasks\At2 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} - System32\Tasks\At1 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {FF83D9C7-5498-40B5-BB95-CBEB24CF2C58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000UA => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
    Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\At2.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\At3.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000Core.job => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000UA.job => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-02-20 16:50 - 2008-07-19 17:02 - 00086016 _____ () C:\Windows\System32\custmon32.dll
    2013-01-26 23:06 - 2009-10-23 13:31 - 00038912 _____ () C:\Program Files\Amazon\Amazon Games & Software Downloader\utility.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-12 15:26 - 2014-04-12 15:26 - 00220800 ____N () C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
    2014-04-12 15:26 - 2014-04-12 15:26 - 04110808 ____N () C:\Program Files\Optimizer Pro\OptProCrash.dll
    2011-10-07 17:07 - 2011-10-07 17:07 - 00011776 _____ () C:\Program Files\HP webOS\PDK\tcprelay.exe
    2012-11-14 22:12 - 2012-11-14 22:12 - 00217600 _____ () C:\Program Files\Lexmark\LMADG\LMabmini.dll
    2010-07-21 00:21 - 2010-03-15 14:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
    2011-10-16 17:08 - 2009-06-22 02:26 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
    2011-02-08 20:56 - 2011-02-08 20:56 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
    2011-10-16 17:08 - 2009-07-13 23:50 - 00325120 _____ () C:\Program Files\TeraCopy\TeraCopy.dll
    2013-04-05 14:27 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files\Lexmark S410 Series\LMADGmon.exe
    2013-04-05 14:27 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files\Lexmark S410 Series\lmabdrs.dll
    2013-04-05 14:27 - 2012-08-07 07:40 - 00645296 _____ () C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    2013-04-05 14:27 - 2012-08-07 07:37 - 00217088 _____ () C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
    2014-04-09 09:16 - 2014-04-01 21:57 - 00065352 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
    2012-11-14 22:12 - 2012-11-14 22:12 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADGQ4Z.DLL
    2012-11-14 22:12 - 2012-11-14 22:12 - 01805312 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADGQUE.DLL
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () E:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () E:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2013-06-24 13:20 - 2013-06-24 13:20 - 01956800 _____ () C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
    2012-02-20 16:50 - 2004-09-26 17:35 - 02768896 _____ () C:\Program Files\GPLGS\gsdll32.dll
    2014-04-09 09:16 - 2014-04-01 21:57 - 00674632 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
    2014-04-09 09:16 - 2014-04-01 21:57 - 00093000 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
    2014-04-09 09:16 - 2014-04-01 21:57 - 04081480 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
    2014-04-09 09:16 - 2014-04-01 21:58 - 00390472 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
    2014-04-09 09:16 - 2014-04-01 21:57 - 01647432 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
    2014-04-09 09:16 - 2014-04-01 21:58 - 13691720 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Windows\$NtUninstallKB17194$:SummaryInformation
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35048670.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35048670.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Way^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: 433F2230225CBFC9339AC380E9991C101237BA5C._service_run => "C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
    MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
    MSCONFIG\startupreg: tsnp2uvc => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe

    ==================== Faulty Device Manager Devices =============

    Name: MpKslbb21eba2
    Description: MpKslbb21eba2
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKslbb21eba2
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/25/2014 06:03:08 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/25/2014 06:02:44 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/25/2014 02:02:45 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/25/2014 02:02:18 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/24/2014 08:45:30 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/24/2014 08:44:57 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/24/2014 03:49:58 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/24/2014 03:49:20 PM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/24/2014 11:46:54 AM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

    Error: (04/24/2014 11:46:30 AM) (Source: MsiInstaller) (User: Rebirth)
    Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.


    System errors:
    =============
    Error: (04/25/2014 06:14:14 PM) (Source: Service Control Manager) (User: )
    Description: The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/25/2014 02:02:13 PM) (Source: Service Control Manager) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (04/25/2014 01:59:54 PM) (Source: Service Control Manager) (User: )
    Description: The Service Component of VO service failed to start due to the following error:
    %%2

    Error: (04/24/2014 11:24:21 PM) (Source: Service Control Manager) (User: )
    Description: The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/24/2014 09:07:10 PM) (Source: Microsoft Antimalware) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.173.549.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (04/24/2014 07:25:04 PM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (04/23/2014 02:58:17 AM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (04/21/2014 05:17:09 PM) (Source: Service Control Manager) (User: )
    Description: The Foxit Cloud Safe Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/21/2014 04:51:46 PM) (Source: Service Control Manager) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (04/21/2014 04:49:36 PM) (Source: Service Control Manager) (User: )
    Description: The Service Component of VO service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (01/05/2014 11:25:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (12/25/2013 01:04:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 31886 seconds with 300 seconds of active time. This session ended with a crash.

    Error: (09/15/2013 10:46:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (09/03/2013 03:19:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1937 seconds with 840 seconds of active time. This session ended with a crash.

    Error: (03/02/2013 08:46:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37639 seconds with 14760 seconds of active time. This session ended with a crash.

    Error: (10/30/2012 11:56:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27177 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (09/27/2012 03:45:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3748 seconds with 1920 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Percentage of memory in use: 72%
    Total physical RAM: 2012.8 MB
    Available physical RAM: 560.06 MB
    Total Pagefile: 4025.61 MB
    Available Pagefile: 1397.51 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1892.73 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:48.83 GB) (Free:7.39 GB) NTFS
    Drive d: (Files) (Fixed) (Total:181.53 GB) (Free:158.81 GB) NTFS
    Drive e: (Downloads) (Fixed) (Total:20.51 GB) (Free:14.63 GB) NTFS
    Drive f: (Scratch Disk) (Fixed) (Total:39.06 GB) (Free:20.9 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8A427EA7)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=241 GB) - (Type=OF Extended)

    ==================== End Of Log ============================

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    What is AnyProtect?
    AnyProtect by ClickMeIn Limited is a potentially unwanted program run by ironSource, a known distributor of web browser extensions and toolbars.
    It is advised you uninstall/remove AnyProtect.

    The below script I have created will also reboot your computer, please don't be alarmed.


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

    start
    SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    BHO: RebateRobot BHO - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    FF user.js: detected! => C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml
    CHR HKLM\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx [2012-05-24]
    R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
    C:\Program Files\SearchProtect
    C:\Program Files\Optimizer Pro
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    Task: {1DAF1A63-900B-428F-A614-240523BEC0FD} - System32\Tasks\At3 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {29C80397-D1CA-4C60-B84F-DD19B539D0D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} - System32\Tasks\At2 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} - System32\Tasks\At1 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\At2.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\At3.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
    C:\Program Files\Optimizer Pro\OptProCrash.dll
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    Reboot:
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner by Xplode

    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.



    • Click the Scan button and wait for the scan to finish.

    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
    • Click the Report button to get the log
    • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please post:
    Fixlog.txt
    AdwCleaner[R0].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Apr 2014
    Posts
    13

    Default How to question

    Thank you Juliet,

    I will run this tomorrow afternoon.
    One question - how do I disable my protective software?
    I have never done so before.

    Thank you

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    You can get help on disabling your protection programs here

  8. #8
    Junior Member
    Join Date
    Apr 2014
    Posts
    13

    Default Fixlog, adw, jrt..etc, logs

    Thanks Juliet,
    I am going to turn computer protection back on. Please let me know if I need to turn it off again for any upcoming steps.

    FIXLOG.TXT


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
    Ran by Way at 2014-04-27 18:05:34 Run:1
    Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP\FRST
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    BHO: RebateRobot BHO - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll No File
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    FF user.js: detected! => C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml
    CHR HKLM\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx [2012-05-24]
    R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
    C:\Program Files\SearchProtect
    C:\Program Files\Optimizer Pro
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    Task: {1DAF1A63-900B-428F-A614-240523BEC0FD} - System32\Tasks\At3 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {29C80397-D1CA-4C60-B84F-DD19B539D0D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} - System32\Tasks\At2 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: {E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} - System32\Tasks\At1 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
    Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\At2.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    Task: C:\Windows\Tasks\At3.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
    C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
    C:\Program Files\Optimizer Pro\OptProCrash.dll
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    Reboot:
    end
    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} => Key deleted successfully.
    HKCR\CLSID\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
    C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js => Moved successfully.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml => Moved successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda => Key deleted successfully.
    "C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx" => File/Directory not found.
    ca82e1a5 => Service stopped successfully.
    ca82e1a5 => Service deleted successfully.
    C:\Program Files\SearchProtect => Moved successfully.
    C:\Program Files\Optimizer Pro => Moved successfully.
    C:\Windows\Tasks\At1.job => Moved successfully.
    C:\Windows\Tasks\At2.job => Moved successfully.
    C:\Windows\Tasks\At3.job => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DAF1A63-900B-428F-A614-240523BEC0FD} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DAF1A63-900B-428F-A614-240523BEC0FD} => Key deleted successfully.
    C:\Windows\System32\Tasks\At3 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29C80397-D1CA-4C60-B84F-DD19B539D0D4} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29C80397-D1CA-4C60-B84F-DD19B539D0D4} => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} => Key deleted successfully.
    C:\Windows\System32\Tasks\At2 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} => Key deleted successfully.
    C:\Windows\System32\Tasks\At1 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
    C:\Windows\Tasks\At1.job not found.
    C:\Windows\Tasks\At2.job not found.
    C:\Windows\Tasks\At3.job not found.
    "C:\Program Files\Optimizer Pro\OptProCrashSvc.dll" => File/Directory not found.
    "C:\Program Files\Optimizer Pro\OptProCrash.dll" => File/Directory not found.
    C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
    C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

    ADWCLEANER.TXT


    # AdwCleaner v3.204 - Report created 27/04/2014 at 18:20:41
    # Updated 26/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Way - REBIRTH
    # Running from : C:\Users\Way\Desktop\__SPY BOT CLEANUP\ADWCLEANER\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
    File Found : C:\Windows\Tasks\APSnotifierPP1.job
    File Found : C:\Windows\Tasks\APSnotifierPP2.job
    File Found : C:\Windows\Tasks\APSnotifierPP3.job
    Folder Found : C:\Program Files\003
    Folder Found : C:\Program Files\GamesBar
    Folder Found : C:\Program Files\orbitdownloader
    Folder Found : C:\Users\Way\.android
    Folder Found : C:\Users\Way\AppData\Local\emaze
    Folder Found : C:\Users\Way\AppData\Local\Webinternetsecurity
    Folder Found : C:\Users\Way\AppData\Roaming\digitalsite
    Folder Found : C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    Folder Found : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\isreaditlater@ideashower.com
    Folder Found : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\FoxTab
    Folder Found : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\StumbleUpon

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AnyProtect
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Found : HKCU\Software\Orbit
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\visualbee
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Found : HKLM\Software\LevelQualityWatcher
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
    Key Found : HKLM\Software\Orbit
    Key Found : HKLM\Software\visualbee
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=once+upon+a+time&ac_posn=-1&ac_rec=true&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
    Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317822&octid=EB_ORIGINAL_CTID&ISID=M785A6931-084E-460B-9F5E-4A1647B6C37F&SearchSource=58&CUI=&UM=5&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    Found [Search Provider] : hxxp://s8int.com/search.htm?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=32&cntnt01searchinput={searchTerms}&cntnt01origreturnid=43&cntnt01modules=CGBlog
    Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
    Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [6376 octets] - [27/04/2014 18:20:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6436 octets] ##########


    JRT.TXT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by Way on Sun 04/27/2014 at 18:40:41.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F3369E5-BDE0-4A5C-8BA7-6E822CA5B8FB}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\visualbee"
    Successfully deleted: [Folder] "C:\Users\Way\AppData\Roaming\digitalsite"
    Successfully deleted: [Folder] "C:\Users\Way\AppData\Roaming\getrighttogo"
    Successfully deleted: [Folder] "C:\Program Files\gamesbar"
    Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Way\AppData\Roaming\mozilla\firefox\profiles\1t8q293v.default\prefs.js

    user_pref("browser.bdtoolbar.search_searchbar", false);
    user_pref("extensions.vidbar.search_searchbox_welcomeshown", true);
    Emptied folder: C:\Users\Way\AppData\Roaming\mozilla\firefox\profiles\1t8q293v.default\minidumps [24 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 04/27/2014 at 18:42:21.49
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
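
An added example, not part of the original posts and not FRST's own code: a Fixlog like the one in post #8 reports the same target more than once (the fixlist repeats the HKLM SearchScopes directive, and the At*.job files are listed twice), so a later "not found" often just means an earlier line already removed the item. This Python script reconciles the result lines into one final state per target. The sample lines are taken from the log above, except the last one, whose path and failure wording are hypothetical.

```python
import re

# Constructed sample: result lines in the format of the Fixlog above, preceded
# by a shortened "Content of fixlist" echo. The final line is hypothetical:
# its path and its failure wording are assumptions, not FRST output.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
"C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx" => File/Directory not found.
ca82e1a5 => Service stopped successfully.
ca82e1a5 => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At1.job not found.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\Example\locked.dll => Could not move.
"""

SUCCESS_RE = re.compile(r"\b(deleted|moved|removed|stopped) successfully", re.I)
ADS_RE = re.compile(r'^"(?P<stream>:[^"]+)"\s+ADS\s+(?P<rest>.+)$')
BARE_RE = re.compile(
    r"^(?P<target>.+?) (?P<outcome>not found|deleted successfully)\.$", re.I
)


def parse_fixlog(text):
    """Yield (target, outcome) pairs from the result section of a Fixlog."""
    rules_left = 0  # asterisk rules still to pass before results resume
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist"):
            rules_left = 2  # the echoed fixlist sits between two asterisk rules
            continue
        if rules_left:
            # Skip the echoed directives: they also contain " => " but are
            # instructions, not results.
            if line and set(line) == {"*"}:
                rules_left -= 1
            continue
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            target = target.strip('"')
            ads = ADS_RE.match(outcome)
            if ads:  # alternate data stream: fold the stream name into the target
                target += ads.group("stream")
                outcome = ads.group("rest")
            yield target, outcome
            continue
        bare = BARE_RE.match(line)  # e.g. "C:\Windows\Tasks\At1.job not found."
        if bare:
            yield bare.group("target"), bare.group("outcome")


def classify(outcome):
    """Map one outcome string to success / absent / other."""
    if SUCCESS_RE.search(outcome):
        return "success"
    if "not found" in outcome.lower():
        return "absent"
    return "other"


def reconcile(text):
    """Return {target (lower-cased): removed | absent | needs_review}."""
    seen = {}
    for target, outcome in parse_fixlog(text):
        seen.setdefault(target.lower(), set()).add(classify(outcome))
    states = {}
    for target, kinds in seen.items():
        if "other" in kinds:        # any unrecognised or failed outcome wins
            states[target] = "needs_review"
        elif "success" in kinds:    # removed at least once, later misses are benign
            states[target] = "removed"
        else:                       # never present when the fix ran
            states[target] = "absent"
    return states


if __name__ == "__main__":
    for target, state in reconcile(SAMPLE_FIXLOG).items():
        print(f"{state:13} {target}")
```

Targets reported as `needs_review` are the ones to check by hand in a fresh scan log; `absent` entries were never there when the fix ran.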

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    That located a good deal of bad files.

    Yes, please remember to turn your computer security back on after running the scans.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete this time click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ~~~~~~~~~~~~~~~~~~~~~~~~~
    Malwarebytes AntiMalware recently had a program update.
    You can download the newest version over the top of the one you have or download and install again.

    http://www.malwarebytes.org/update/

    Please download Malwarebytes Anti-Malware to your desktop
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits


    Go back to the Dashboard and select Scan Now



    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Attach/Post that log


    Please post these 2 logs.

    Also, can you give me an update on how the computer is now?

  10. #10
    Junior Member
    Join Date
    Apr 2014
    Posts
    13

    Default Final Scans Completed, seems ok now

    That located a good deal of bad files.
    Yes, please remember to turn your computer security back on after running the scans.


    Thanks Juliet...my computer seems to be running more quickly now!

    Here are the logs below:

    ADWCLEANER[S1].TXT


    # AdwCleaner v3.204 - Report created 28/04/2014 at 14:52:47
    # Updated 26/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Way - REBIRTH
    # Running from : C:\Users\Way\Desktop\__SPY BOT CLEANUP\ADWCLEANER\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\003
    Folder Deleted : C:\Users\Way\.android
    Folder Deleted : C:\Users\Way\AppData\Local\emaze
    Folder Deleted : C:\Users\Way\AppData\Local\Webinternetsecurity
    Folder Deleted : C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    Folder Deleted : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\FoxTab
    Folder Deleted : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\StumbleUpon
    Folder Deleted : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\isreaditlater@ideashower.com
    File Deleted : C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
    File Deleted : C:\Windows\Tasks\APSnotifierPP1.job
    File Deleted : C:\Windows\Tasks\APSnotifierPP2.job
    File Deleted : C:\Windows\Tasks\APSnotifierPP3.job

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]
    Key Deleted : HKCU\Software\AnyProtect
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\LevelQualityWatcher

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=once+upon+a+time&ac_posn=-1&ac_rec=true&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317822&octid=EB_ORIGINAL_CTID&ISID=M785A6931-084E-460B-9F5E-4A1647B6C37F&SearchSource=58&CUI=&UM=5&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
    Deleted [Search Provider] : hxxp://s8int.com/search.htm?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=32&cntnt01searchinput={searchTerms}&cntnt01origreturnid=43&cntnt01modules=CGBlog
    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [6516 octets] - [27/04/2014 18:20:41]
    AdwCleaner[R1].txt - [4426 octets] - [28/04/2014 14:47:47]
    AdwCleaner[S0].txt - [4423 octets] - [28/04/2014 14:52:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4483 octets] ##########

    MalBytesware Scan Log 4-28-2014.txt

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/28/2014
    Scan Time: 5:11:26 PM
    Logfile: MalBytesware Scan Log 4-28-2014.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.28.09
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Way

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 285577
    Time Elapsed: 11 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
