Barowwsoe2Save Infection



AudjM
2014-04-23, 21:38
Hi, thanks for your help. My computer is infected with the Barowwsoe2Save Virus.
I don't believe that I can run ERUNT because my operating system is Windows 7.
Also, Teatimer was turned off before I ran Spybot as Administrator.



DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.25.2
Run by Way at 13:28:56 on 2014-04-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.508 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
C:\Program Files\HP webOS\PDK\tcprelay.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Way\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark S410 Series\LMADGmon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark S410 Series\LMADGmon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CaptureIt Plus\CaptureItPlus.exe
C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
C:\Users\Way\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: RebateRobot BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
mRun: [LMADGmon] "c:\program files\lexmark s410 series\LMADGmon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\7stick~1.lnk - c:\program files\7 sticky notes\7StickyNotes.exe
StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\actpri~1.lnk - c:\users\way\appdata\local\programs\houdah software\actprinter win client\ACTPrinter Win.exe
StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\way\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\way\appdata\roaming\micros~1\windows\startm~1\programs\startup\quickm~1.lnk - c:\program files\quickmenu\QuickMenu.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actpri~1.lnk - c:\program files\houdah software\actprinter win client\ACTPrinter Win.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{849F4D15-2429-45CF-8BF7-002AEFD138C0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{849F4D15-2429-45CF-8BF7-002AEFD138C0}\131364850353133323837373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{849F4D15-2429-45CF-8BF7-002AEFD138C0}\27F6574756 : DHCPNameServer = 192.168.1.1 192.168.1.1 192.168.0.1 192.168.1.1 192.168.1.1
TCP: Interfaces\{FA537B2D-EBA3-4F18-BD89-C96A61DB53EA} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\way\appdata\roaming\mozilla\firefox\profiles\1t8q293v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SLVTDF&PC=MSSL&q=
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\users\way\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\way\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\way\appdata\roaming\mozilla\firefox\profiles\1t8q293v.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\users\way\appdata\roaming\mozilla\firefox\profiles\1t8q293v.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll
FF - plugin: c:\users\way\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\way\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: e:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc,
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-28 64288]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2013-1-26 401920]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-7-13 44544]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104264]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-3-20 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-3-20 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-3-20 309784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-6 273960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-3-31 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-3-31 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-3-31 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-3-31 24960]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2010-7-21 25856]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2010-3-31 25728]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-7-17 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-3-20 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS [2008-3-20 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-3-20 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-3-20 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-3-20 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-3-20 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-3-20 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-3-20 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-3-20 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-3-20 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-3-20 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-3-20 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-3-20 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-3-20 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-3-20 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS [2008-3-20 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-3-20 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-3-20 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-3-20 534040]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2011-2-11 728064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-23 13:00:39 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{df42f470-b1fe-439a-9a9c-71f714db35d4}\mpengine.dll
2014-04-23 01:43:25 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-20 01:46:28 -------- d-----w- c:\users\way\appdata\roaming\OverDrive
2014-04-19 14:43:05 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d79664f4-5a6b-4f6d-b6e1-1460d1c50231}\gapaengine.dll
2014-04-18 22:48:33 -------- d-sh--w- c:\users\way\appdata\local\EmieUserList
2014-04-18 22:48:33 -------- d-sh--w- c:\users\way\appdata\local\EmieSiteList
2014-04-17 07:00:58 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-04-17 03:50:28 107736 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-04-12 21:59:51 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-12 21:56:10 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-12 21:56:10 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-12 19:33:43 -------- d-----w- c:\program files\SearchProtect
2014-04-12 19:30:29 -------- d-----w- c:\programdata\VisualBee
2014-04-12 19:29:51 -------- d-----w- c:\users\way\appdata\local\emaze
2014-04-12 19:29:43 1097384 ----a-w- c:\users\way\appdata\local\nsoE3E3.tmp
2014-04-12 19:28:58 -------- d-----w- C:\temp
2014-04-12 19:27:02 -------- d-----w- c:\program files\003
2014-04-12 19:25:50 -------- d-----w- c:\program files\Optimizer Pro
2014-04-12 18:22:20 -------- d-----w- c:\users\way\appdata\local\webinternetsecurity
2014-04-11 00:27:01 -------- d-----w- c:\users\way\appdata\local\Adobe_Systems_Incorporate
2014-04-09 12:23:53 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 12:23:53 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 12:23:53 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 12:23:53 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 12:23:48 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-02 21:52:13 -------- d-----w- c:\users\way\appdata\local\ABBYY
.
==================== Find3M ====================
.
2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 21:58:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 21:58:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-25 05:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-11-30 04:38:32 49940480 ----a-w- c:\program files\GUT9A67.tmp
.
============= FINISH: 13:31:05.75 ===============

aswMBR


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-23 13:47:46
-----------------------------
13:47:46.056 OS Version: Windows 6.1.7601 Service Pack 1
13:47:46.056 Number of processors: 2 586 0x170A
13:47:46.057 ComputerName: REBIRTH UserName: Way
13:47:47.983 Initialize success
13:48:12.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:48:12.249 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
13:48:12.389 Disk 0 MBR read successfully
13:48:12.391 Disk 0 MBR scan
13:48:12.393 Disk 0 Windows 7 default MBR code
13:48:12.396 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:48:12.401 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8318 MB offset 81920
13:48:12.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50003 MB offset 17117184
13:48:12.415 Disk 0 Partition - 00 0F Extended LBA 246882 MB offset 119523600
13:48:12.434 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 185881 MB offset 119523663
13:48:12.437 Disk 0 Partition - 00 05 Extended 20999 MB offset 500213697
13:48:12.461 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 20999 MB offset 500213760
13:48:12.465 Disk 0 Partition - 00 05 Extended 39999 MB offset 923911794
13:48:12.484 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 39999 MB offset 543221760
13:48:12.489 Disk 0 scanning sectors +625139712
13:48:12.559 Disk 0 scanning C:\Windows\system32\drivers
13:48:18.873 Service scanning
13:48:24.919 Service MpKsla04e0c8c C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF42F470-B1FE-439A-9A9C-71F714DB35D4}\MpKsla04e0c8c.sys **LOCKED** 32
13:48:31.327 Modules scanning
13:48:36.191 Disk 0 trace - called modules:
13:48:36.199
13:48:36.204 Scan finished successfully
13:49:02.353 Disk 0 MBR has been saved successfully to "C:\Users\Way\Desktop\SPY BOT CLEANUP\MBR.dat"
13:49:02.359 The log file has been saved successfully to "C:\Users\Way\Desktop\SPY BOT CLEANUP\aswMBR.txt"


Spybot SEARCH AND DESTROY LOG

Barowwsoe2Save: [SBI $F5174E26] Program directory (Directory, nothing done)
C:\Program Files\Optimizer Pro\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Juliet
2014-04-24, 00:09
Hi and welcome

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
(Use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

AudjM
2014-04-26, 01:18
Here are the files:

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014
Ran by Way (administrator) on REBIRTH on 25-04-2014 19:10:37
Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
() C:\Program Files\HP webOS\PDK\tcprelay.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files\Lexmark S410 Series\LMADGmon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(E-MU Systems) C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
(NTWind Software) C:\Program Files\VistaSwitcher\vswitch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(dotnetthoughts.net) C:\Program Files\CaptureIt Plus\CaptureItPlus.exe
() C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [23552 2008-03-20] (Creative Technology Ltd)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [23040 2008-03-20] (Creative Technology Ltd)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AmazonGSDownloaderTray] => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LMADGmon] => C:\Program Files\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [VistaSwitcher] => C:\Program Files\VistaSwitcher\vswitch.exe [191440 2010-05-11] (NTWind Software)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [Google Update] => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-06] (Google Inc.)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [ModemOnHold] => C:\Program Files\Netwaiting\netWaiting.exe [25856 2008-01-16] (BVRP)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [CaptureItPlus] => C:\Program Files\CaptureIt Plus\CaptureItPlus.exe [415744 2011-09-12] (dotnetthoughts.net)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Way\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\lmab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [LMADGmon] => C:\Program Files\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [433F2230225CBFC9339AC380E9991C101237BA5C._service_run] => C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [iCloudServices] => E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [ApplePhotoStreams] => E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1816093974-2989711645-1971761348-1000\...\MountPoints2: {fa1382dc-937a-11df-a67d-d4f02c81cb91} - H:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ACTPrinter Win.lnk
ShortcutTarget: ACTPrinter Win.lnk -> C:\Program Files\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk
ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files\7 Sticky Notes\7StickyNotes.exe (No File)
Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACTPrinter Win.lnk
ShortcutTarget: ACTPrinter Win.lnk -> C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe ()
Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Way\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QuickMenu.lnk
ShortcutTarget: QuickMenu.lnk -> C:\Program Files\QuickMenu\QuickMenu.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7599A5713111CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2F3369E5-BDE0-4A5C-8BA7-6E822CA5B8FB} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: RebateRobot BHO - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default
FF user.js: detected! => C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Way\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Way\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Way\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Way\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Way\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Way\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Way\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\s-amazon-byskipity.xml
FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\youtube.xml
FF Extension: Dropdo - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\09h200hasdf@0hasdf09h.av08h2 [2011-05-23]
FF Extension: FBSecure - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\FBSecure@liisp.edu [2011-08-28]
FF Extension: HTTPS-Everywhere - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\https-everywhere@eff.org [2014-01-27]
FF Extension: Pocket - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\isreaditlater@ideashower.com [2013-07-05]
FF Extension: Master Password+ - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\masterpasswordtimeoutplus@vano [2013-03-26]
FF Extension: Tab Kit - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\tabkit@jomel.me.uk [2010-10-22]
FF Extension: Download Youtube Videos + - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\video.downloader.plugin@ffpimp.com [2012-03-29]
FF Extension: VTzilla - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\vtzilla@virustotal.com [2011-07-17]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-18]
FF Extension: Evernote Web Clipper - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-18]
FF Extension: QuickDrag - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2012-03-24]
FF Extension: Uppity - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{16cbd87c-eb99-4f5c-9825-83cf13ab7ff8}.xpi [2012-01-06]
FF Extension: NoScript - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-01-06]
FF Extension: StumbleUpon - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012-01-11]
FF Extension: Adblock Plus - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-05]
FF Extension: Download Statusbar - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012-01-06]
FF Extension: DownThemAll! - C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-01-25]

Chrome:
=======
CHR HomePage: hxxp://www.marthastewart.com/
CHR StartupUrls: "hxxp://marthastewart.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Way\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Way\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Extension: (Google Drive) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-18]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2012-05-24]
CHR Extension: (Solitaire) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2012-06-28]
CHR Extension: (Facebook Colour Changer) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam [2012-05-24]
CHR Extension: (Ge.tt) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2012-01-08]
CHR Extension: (Adblock Plus) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-01-11]
CHR Extension: (__MSG_buttonTitle__) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg [2012-11-10]
CHR Extension: (Springpad Clipper) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclcnlepmfepnccogfjdafhhlgcfdmnj [2013-06-09]
CHR Extension: (Search All) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2014-01-14]
CHR Extension: (Springpad) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2012-01-08]
CHR Extension: (EasyDrop) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie [2012-05-17]
CHR Extension: (AdBlock) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-03]
CHR Extension: (Pin It Button) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-18]
CHR Extension: (Caroline Gardner) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlajhhigpcohfpjjmnbifacfbdoponci [2013-09-24]
CHR Extension: (Cloud Reader) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2012-07-18]
CHR Extension: (Dropbox) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-05-24]
CHR Extension: (Clearly) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2012-05-24]
CHR Extension: (Evernote Web) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-09-15]
CHR Extension: (Planner 5D) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-08-14]
CHR Extension: (Ge.tt) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflehelhgpjjhfiigceaplnmgiblnclo [2013-08-19]
CHR Extension: (Springpad Extension) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2012-01-08]
CHR Extension: (Google Wallet) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Origami Player) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-08-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-05-24]
CHR HKLM\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx [2012-05-24]
CHR StartMenuInternet: Google Chrome - C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\Way\AppData\Local\Temp\7zS36DF\hpslpsvc32.dll [701288 2011-11-14] (Hewlett-Packard Co.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-03-15] (Palm)
R2 Palm_TCP_Relay; C:\Program Files\HP webOS\PDK\tcprelay.exe [11776 2011-10-07] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TVersityMediaServer; C:\Users\Way\AppData\Local\TVersity\Media Server\MediaServer.exe [884736 2010-07-25] ()
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 vosr; C:\Users\Way\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-03-31] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20864 2010-03-31] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [19968 2010-03-31] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [24960 2010-03-31] (LG Electronics Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2010-07-21] (Google Inc)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-03-31] (Google Inc)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2008-03-20] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [98328 2008-03-20] (Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2008-03-20] (Creative Technology Ltd)
S3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [528920 2008-03-20] (Creative Technology Ltd)
S3 CTEAPSFX; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2008-03-20] (Creative Technology Ltd)
S3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [163352 2008-03-20] (Creative Technology Ltd)
S3 CTEDSPFX; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2008-03-20] (Creative Technology Ltd)
S3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [259096 2008-03-20] (Creative Technology Ltd)
S3 CTEDSPIO; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2008-03-20] (Creative Technology Ltd)
R3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [134168 2008-03-20] (Creative Technology Ltd)
S3 CTEDSPSY; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2008-03-20] (Creative Technology Ltd)
R3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [309784 2008-03-20] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2008-03-20] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [99352 2008-03-20] (Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2008-03-20] (Creative Technology Ltd)
S3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [534040 2008-03-20] (Creative Technology Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [802840 2008-03-20] (Creative Technology Ltd)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-12] (Lavasoft AB)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [728064 2011-02-11] (Realtek Semiconductor Corporation )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3486336 2009-08-20] ()
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [79408 2007-09-05] (PACE Anti-Piracy, Inc.)
S1 MpKslbb21eba2; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74688BB0-9750-45C4-8FAF-CA49AE678B2F}\MpKslbb21eba2.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 19:10 - 2014-04-25 19:10 - 00000000 ____D () C:\FRST
2014-04-24 23:20 - 2014-04-24 23:20 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13 (1).xls
2014-04-24 23:19 - 2014-04-24 23:19 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13.xls
2014-04-23 14:30 - 2014-04-23 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
2014-04-23 13:31 - 2014-04-23 13:31 - 00022798 _____ () C:\Users\Way\Desktop\dds.txt
2014-04-23 13:31 - 2014-04-23 13:31 - 00011422 _____ () C:\Users\Way\Desktop\attach.txt
2014-04-22 20:39 - 2014-04-25 19:10 - 00000000 ____D () C:\Users\Way\Desktop\__SPY BOT CLEANUP
2014-04-21 16:49 - 2014-04-21 16:49 - 00149840 _____ () C:\Windows\Minidump\042114-17518-01.dmp
2014-04-21 14:52 - 2014-04-21 15:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\EmuPatchMixDSP
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\Documents\My Sessions
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-21 14:51 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-21 14:51 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator
2014-04-21 14:51 - 2014-04-21 14:51 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 14:51 - 2014-04-21 14:51 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-21 14:51 - 2011-09-27 03:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-04-21 14:51 - 2010-07-29 03:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-21 14:51 - 2009-07-14 00:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-21 14:51 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\Documents\My Media
2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\AppData\Roaming\OverDrive
2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieUserList
2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieSiteList
2014-04-17 03:01 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-17 03:01 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-17 03:01 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-17 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-17 03:01 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-17 03:01 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-17 03:01 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-17 03:01 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-17 03:01 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-17 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-17 03:01 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-17 03:01 - 2014-03-06 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-17 03:01 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-17 03:01 - 2014-03-06 03:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-17 03:01 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-17 03:01 - 2014-03-06 03:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-17 03:01 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-17 03:01 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-17 03:01 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-17 03:01 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-17 03:01 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-17 03:01 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-17 03:01 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-17 03:01 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-17 03:01 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-17 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-16 23:50 - 2014-04-16 23:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-12 17:59 - 2014-04-22 10:09 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 17:56 - 2014-04-12 19:43 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 17:56 - 2014-04-12 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 16:13 - 2014-04-12 16:14 - 00004060 _____ () C:\Windows\wininit.ini
2014-04-12 15:33 - 2014-04-15 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-12 15:33 - 2014-04-13 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-12 15:33 - 2014-04-12 17:24 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-12 15:33 - 2014-04-12 15:56 - 00000368 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-12 15:33 - 2014-04-12 15:33 - 00000318 _____ () C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
2014-04-12 15:30 - 2014-04-12 15:36 - 00000000 ____D () C:\ProgramData\VisualBee
2014-04-12 15:29 - 2014-04-12 15:29 - 01097384 _____ (AnyProtect.com) C:\Users\Way\AppData\Local\nsoE3E3.tmp
2014-04-12 15:29 - 2014-04-12 15:29 - 00001236 _____ () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-04-12 15:29 - 2014-04-12 15:29 - 00000000 ____D () C:\Users\Way\AppData\Local\emaze
2014-04-12 15:28 - 2014-04-12 15:28 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-04-12 15:27 - 2014-04-12 19:40 - 00000000 ____D () C:\Program Files\003
2014-04-12 15:26 - 2014-04-12 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-04-12 15:25 - 2014-04-12 16:13 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-12 14:22 - 2014-04-12 14:22 - 00000000 ____D () C:\Users\Way\AppData\Local\webinternetsecurity
2014-04-10 20:27 - 2014-04-10 20:27 - 00000000 ____D () C:\Users\Way\AppData\Local\Adobe_Systems_Incorporate
2014-04-10 20:26 - 2014-04-10 20:26 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-04-09 08:23 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:23 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:23 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:23 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:23 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 08:22 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-04 20:34 - 2014-04-04 20:34 - 00000916 _____ () C:\Users\Way\.recently-used.xbel
2014-04-02 17:52 - 2014-04-02 17:52 - 00000000 ____D () C:\Users\Way\AppData\Local\ABBYY
2014-03-30 12:32 - 2014-03-30 12:32 - 00000000 ____D () C:\Users\Way\Desktop\__OCR_LEXMARK

==================== One Month Modified Files and Folders =======

2014-04-25 19:10 - 2014-04-25 19:10 - 00000000 ____D () C:\FRST
2014-04-25 19:10 - 2014-04-22 20:39 - 00000000 ____D () C:\Users\Way\Desktop\__SPY BOT CLEANUP
2014-04-25 19:02 - 2010-07-19 16:37 - 01966640 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 18:58 - 2012-04-23 11:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 18:55 - 2010-08-06 02:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000UA.job
2014-04-25 18:40 - 2012-04-09 16:57 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 18:03 - 2012-05-11 11:19 - 00000000 ____D () C:\Users\Way\AppData\Local\Akamai
2014-04-25 18:00 - 2010-07-22 03:59 - 00000370 _____ () C:\Windows\Tasks\At3.job
2014-04-25 18:00 - 2010-07-22 03:59 - 00000370 _____ () C:\Windows\Tasks\At2.job
2014-04-25 18:00 - 2010-07-22 03:59 - 00000370 _____ () C:\Windows\Tasks\At1.job
2014-04-25 14:55 - 2010-08-06 02:50 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000Core.job
2014-04-25 14:40 - 2012-04-09 16:57 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 14:07 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 14:07 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 14:02 - 2012-02-20 22:19 - 00000000 ____D () C:\Users\Way\AppData\Local\CUSTPDF Writer
2014-04-25 14:02 - 2012-02-20 16:50 - 00000000 ____D () C:\Users\Way\Documents\ACT Printer Drop Folder
2014-04-25 14:02 - 2010-09-30 22:13 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Dropbox
2014-04-25 14:01 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-25 13:59 - 2014-01-23 18:01 - 00007472 _____ () C:\Windows\setupact.log
2014-04-25 13:59 - 2010-07-29 02:09 - 00491452 _____ () C:\aaw7boot.log
2014-04-25 13:59 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 23:23 - 2014-01-26 14:02 - 00000000 ____D () C:\Users\Way\AppData\Local\8F0F0093-273B-42BA-90EA-4B4D27092AB9.aplzod
2014-04-24 23:20 - 2014-04-24 23:20 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13 (1).xls
2014-04-24 23:19 - 2014-04-24 23:19 - 00078697 _____ () C:\Users\Way\Desktop\Bill_2014-04-13.xls
2014-04-23 14:30 - 2014-04-23 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
2014-04-23 13:31 - 2014-04-23 13:31 - 00022798 _____ () C:\Users\Way\Desktop\dds.txt
2014-04-23 13:31 - 2014-04-23 13:31 - 00011422 _____ () C:\Users\Way\Desktop\attach.txt
2014-04-22 19:57 - 2010-07-19 17:24 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Mozilla
2014-04-22 11:49 - 2012-01-24 17:19 - 00000000 ____D () C:\Users\Way\.gimp-2.6
2014-04-22 11:48 - 2012-01-13 09:39 - 00004596 _____ () C:\Users\Way\Desktop\PW (1).txt
2014-04-22 10:09 - 2014-04-12 17:59 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 16:49 - 2014-04-21 16:49 - 00149840 _____ () C:\Windows\Minidump\042114-17518-01.dmp
2014-04-21 16:49 - 2010-10-27 04:24 - 00000000 ____D () C:\Windows\Minidump
2014-04-21 15:41 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\EmuPatchMixDSP
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\Documents\My Sessions
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-04-21 14:52 - 2014-04-21 14:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-04-21 14:52 - 2014-04-21 14:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-21 14:52 - 2014-04-21 14:51 - 00000000 ____D () C:\Users\Administrator
2014-04-21 14:52 - 2009-07-14 00:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-21 14:51 - 2014-04-21 14:51 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 14:51 - 2014-04-21 14:51 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\Documents\My Media
2014-04-19 21:46 - 2014-04-19 21:46 - 00000000 ____D () C:\Users\Way\AppData\Roaming\OverDrive
2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
2014-04-19 21:23 - 2010-07-19 16:46 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieUserList
2014-04-18 18:48 - 2014-04-18 18:48 - 00000000 __SHD () C:\Users\Way\AppData\Local\EmieSiteList
2014-04-17 09:43 - 2013-03-27 21:25 - 00000000 ____D () C:\Users\Way\Documents\My Digital Editions
2014-04-17 09:24 - 2013-04-05 14:40 - 00000000 ____D () C:\Users\Way\Desktop\OCR
2014-04-17 03:55 - 2013-11-13 05:02 - 00000000 ____D () C:\Windows\rescache
2014-04-17 03:19 - 2010-07-19 16:53 - 00132048 _____ () C:\Users\Way\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 03:18 - 2014-03-06 08:53 - 00037324 _____ () C:\Windows\PFRO.log
2014-04-17 03:18 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\SchCache
2014-04-17 01:16 - 2009-07-13 22:37 - 00000000 _SHDC () C:\Windows\$NtUninstallKB17194$
2014-04-16 23:50 - 2014-04-16 23:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-15 15:33 - 2014-04-12 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-15 12:50 - 2012-12-10 14:07 - 00000000 ____D () C:\Users\Way\Desktop\___GIFT SHOP SALES Forms
2014-04-13 15:33 - 2014-04-12 15:33 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-12 19:43 - 2014-04-12 17:56 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 19:40 - 2014-04-12 15:27 - 00000000 ____D () C:\Program Files\003
2014-04-12 19:40 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
2014-04-12 18:00 - 2011-11-27 15:56 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Malwarebytes
2014-04-12 17:56 - 2014-04-12 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:56 - 2011-11-27 15:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 17:49 - 2014-04-12 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-04-12 17:24 - 2014-04-12 15:33 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-12 16:14 - 2014-04-12 16:13 - 00004060 _____ () C:\Windows\wininit.ini
2014-04-12 16:13 - 2014-04-12 15:25 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-12 15:56 - 2014-04-12 15:33 - 00000368 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-12 15:36 - 2014-04-12 15:30 - 00000000 ____D () C:\ProgramData\VisualBee
2014-04-12 15:33 - 2014-04-12 15:33 - 00000318 _____ () C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
2014-04-12 15:29 - 2014-04-12 15:29 - 01097384 _____ (AnyProtect.com) C:\Users\Way\AppData\Local\nsoE3E3.tmp
2014-04-12 15:29 - 2014-04-12 15:29 - 00001236 _____ () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-04-12 15:29 - 2014-04-12 15:29 - 00000000 ____D () C:\Users\Way\AppData\Local\emaze
2014-04-12 15:28 - 2014-04-12 15:28 - 00000000 ____D () C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-04-12 14:22 - 2014-04-12 14:22 - 00000000 ____D () C:\Users\Way\AppData\Local\webinternetsecurity
2014-04-10 20:27 - 2014-04-10 20:27 - 00000000 ____D () C:\Users\Way\AppData\Local\Adobe_Systems_Incorporate
2014-04-10 20:26 - 2014-04-10 20:26 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-04-10 20:26 - 2010-08-14 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-04-09 23:20 - 2010-12-12 14:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 23:18 - 2013-07-14 23:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 23:16 - 2010-08-06 09:36 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-04 20:34 - 2014-04-04 20:34 - 00000916 _____ () C:\Users\Way\.recently-used.xbel
2014-04-04 20:34 - 2012-01-24 17:23 - 00000000 ____D () C:\Users\Way\AppData\Roaming\gtk-2.0
2014-04-04 20:34 - 2010-07-19 16:43 - 00000000 ____D () C:\Users\Way
2014-04-03 09:51 - 2014-04-12 17:56 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2011-11-27 15:56 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 18:14 - 2013-04-05 15:16 - 00023100 _____ () C:\ProgramData\LMADGscan.log
2014-04-02 18:14 - 2013-04-05 15:16 - 00000230 _____ () C:\Windows\system32\LexFiles.usr
2014-04-02 17:52 - 2014-04-02 17:52 - 00000000 ____D () C:\Users\Way\AppData\Local\ABBYY
2014-03-31 17:10 - 2012-09-06 21:04 - 00000000 ____D () C:\Users\Way\Desktop\CCCONA MAILINGS_AND BROCHURES
2014-03-30 12:32 - 2014-03-30 12:32 - 00000000 ____D () C:\Users\Way\Desktop\__OCR_LEXMARK
2014-03-27 23:37 - 2012-04-27 01:16 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-27 23:37 - 2011-12-14 09:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-27 23:37 - 2011-09-25 21:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-26 10:28 - 2014-01-23 14:53 - 00000000 ____D () C:\Users\Way\Desktop\___JOB SEARCH

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 00:25

==================== End Of Log ==========================

AudjM
2014-04-26, 01:20
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2014
Ran by Way at 2014-04-25 19:12:05
Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
3MCloudLibrary PC (QML) 1.33 (HKLM\...\3MCloudLibrary PC (QML)) (Version: 1.33 - 3M)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
A Flipping Good Time Version 2.1 (HKLM\...\{575EFF03-44F9-46f4-A229-F245DA972CD2}_is1) (Version: - DigiPen Institute of Technology)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
ACID Pro 7.0 (HKLM\...\{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}) (Version: 7.0.536 - Sony)
Act Printer (HKLM\...\Act Printer) (Version: - )
ACTPrinter Win Client (HKLM\...\{2AC40764-904F-4138-8EA2-C1E435005A32}) (Version: 5.0 - Houdah Software)
ACTPrinter Win Client (HKLM\...\{8D9A351E-C708-4293-B135-1C8F880278F3}) (Version: 5.1 - Houdah Software)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
Amazon MP3 Uploader (HKLM\...\com.amazon.music.uploader) (Version: 1.0.1 - Amazon Services LLC)
Amazon MP3 Uploader (Version: 1.0.1 - Amazon Services LLC) Hidden
Any Video Converter Professional 2.7.6 (HKLM\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Explosion Greeting Card Factory Express (HKLM\...\{AE15D0F7-8C2E-4419-97B4-995ED16FBB4E}) (Version: 1.04.3600 - Nova Development)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
calibre (HKLM\...\{D0940326-79BF-4D05-98CA-ED208661D34B}) (Version: 1.19.0 - Kovid Goyal)
CaptureIt Plus version 1.0 (HKLM\...\{18F651DA-E472-441A-A7CD-88C7DFBBFFA3}_is1) (Version: 1.0 - dotnetthoughts.net)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CopyFilenames 3.1 (HKLM\...\CopyFilenames_is1) (Version: 3.1 - ExtraBit Software)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
E-muPatchMix DSP (HKLM\...\EMU PatchMix DSP) (Version: - )
eMusic Download Manager 4.1.4 (HKLM\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
eVoice Player 1.0 (HKLM\...\{DBAC1413-D5AE-4c89-AE9A-B330B02DBAB0}) (Version: 1.0 - j2 Global Communications)
FileMaker Pro 11 Advanced (HKLM\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}_FileMaker) (Version: 11.0.2.0 - FileMaker, Inc.)
FileMaker Pro 11 Advanced (Version: 11.0.2.0 - FileMaker, Inc.) Hidden
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Talk Plugin (HKLM\...\{6080787C-8D8A-3334-B79E-FFDC020FA0A1}) (Version: 5.3.0.18358 - Google)
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Hong Kong Mahjong 800x600 demo (HKLM\...\Hong Kong Mahjong 800x600 demo) (Version: - )
HP webOS SDK (HKLM\...\{7BAC15E1-52CB-4529-B678-9EEDADE55E79}) (Version: 3.0.669 - HP)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.7.2.2923 - PACE Anti-Piracy)
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java(TM) SE Development Kit 6 Update 24 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Karen's Directory Printer (HKLM\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
K-Lite Codec Pack 7.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
Lexmark S410 Series Uninstaller (HKLM\...\Lexmark S410 Series) (Version: - Lexmark International, Inc.)
LG United Mobile Drivers (HKLM\...\{0B03443D-8E0B-453e-8EFC-4490D0D24E6A}) (Version: 1.0 - LG Electronics)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Magic ISO Maker v5.5 (build 0273) (HKLM\...\Magic ISO Maker v5.5 (build 0273)) (Version: - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Platinum 20 (HKLM\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
mysms version 2.0.0 (HKLM\...\{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1) (Version: 2.0.0 - Up to Eleven Digital Solutions GmbH)
Name Dropper (HKLM\...\{D2D0FBAD-1736-4B36-A46C-58EAAEDC0546}) (Version: 1.0.0 - Rapid Streams Software Factory)
Netflix in Windows Media Center (HKLM\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Nora Roberts Vision in White (HKLM\...\Nora Roberts Vision in White_is1) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.2 - )
NotesHolder 2.2 (HKLM\...\NotesHolder_is1) (Version: 2.2 - A!K Research Labs)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.73 - Palm, Inc.)
OmmWriter (HKLM\...\{61356085-6C51-4DC9-99E6-33ED72304690}) (Version: 0.1.0.8 - Herraiz & Soto)
Oracle VM VirtualBox 4.1.6 (HKLM\...\{650E4124-292E-4638-944C-99A880C9D0F0}) (Version: 4.1.6 - Oracle Corporation)
Orbit Downloader (HKLM\...\Orbit_is1) (Version: - www.orbitdownloader.com)
OverDrive Media Console (HKLM\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Semper Driver Backup (HKLM\...\Semper Driver Backup_is1) (Version: 4.0 - Semper Software)
SKTools Lite (HKLM\...\SKTools Lite) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.96.111090 - SugarSync, Inc.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.)
TL Space Native 7.4 (HKLM\...\{A09ABB28-33D6-4662-8282-C46D480BE863}) (Version: 7.4 - Digidesign, A Division of Avid Technology, Inc.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
TreeSize Free V2.5 (HKLM\...\TreeSize Free_is1) (Version: 2.5 - JAM Software)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
TVersity Codec Pack 1.4 (HKLM\...\TVersity Codec Pack) (Version: 1.4 - TVersity Inc.)
TVersity Media Server 1.9.2 (HKLM\...\TVersity Media Server) (Version: 1.9.2 - TVersity)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.54000.0 - Sonix)
VDownloader 2.9.443 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VistaSwitcher (HKLM\...\VistaSwitcher) (Version: 1.1.3 - NTWind Software)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC (HKLM\...\{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}) (Version: 1.0.0.0 - VLC)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Media Center Add-in for Flash (HKLM\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Restore Points =========================


==================== Hosts content: ==========================

2011-12-03 15:11 - 2014-04-21 15:12 - 00450753 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {025BFA3D-273C-45C1-9942-1C644D96BE83} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1DAF1A63-900B-428F-A614-240523BEC0FD} - System32\Tasks\At3 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {29C80397-D1CA-4C60-B84F-DD19B539D0D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {38799036-37F9-4DB5-84A9-82D71EDB73AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {45A1EC23-AE9E-4FC7-9486-8CC7A3CE9E8C} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {6090CAD5-694A-4CF7-8850-7FD18F422566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000Core => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {612B2E03-7EBA-4F91-AD34-16526525F6A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {74D200E7-26FE-4F42-B0E2-0908FC1DBE25} - System32\Tasks\{1C9F9671-7CE0-41F7-BFC1-EC14D37C4235} => C:\Program Files\REALTEK\11n USB Wireless LAN Utility\ReStart.exe [2009-04-20] (Realtek)
Task: {7D62CFAC-A5DE-44EC-8B3C-3CC35D91E9C3} - System32\Tasks\{410425B6-70EB-455F-BE5F-32FCCAB52D02} => C:\Program Files\Skype\Phone\Skype.exe
Task: {7DED9114-7E8C-4CA9-9D35-F76E1A95DF5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {82BA4169-32AE-4090-BD2D-403CBDFB31D8} - System32\Tasks\AdobeAAMUpdater-1.0-Rebirth-Way => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {95151BDB-61A3-4E7E-9D49-88B5C3B5A548} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9F233CA0-F7A2-4EFD-89C7-022F9B2D2968} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B28DEA05-56E4-4183-831F-51B896E4FD4B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C64EB799-E245-4893-BD1A-39C5392C21DD} - System32\Tasks\Amazon Music Helper => C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-06-21] ()
Task: {CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} - System32\Tasks\At2 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} - System32\Tasks\At1 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {FF83D9C7-5498-40B5-BB95-CBEB24CF2C58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000UA => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\At2.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\At3.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000Core.job => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816093974-2989711645-1971761348-1000UA.job => C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 16:50 - 2008-07-19 17:02 - 00086016 _____ () C:\Windows\System32\custmon32.dll
2013-01-26 23:06 - 2009-10-23 13:31 - 00038912 _____ () C:\Program Files\Amazon\Amazon Games & Software Downloader\utility.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-12 15:26 - 2014-04-12 15:26 - 00220800 ____N () C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
2014-04-12 15:26 - 2014-04-12 15:26 - 04110808 ____N () C:\Program Files\Optimizer Pro\OptProCrash.dll
2011-10-07 17:07 - 2011-10-07 17:07 - 00011776 _____ () C:\Program Files\HP webOS\PDK\tcprelay.exe
2012-11-14 22:12 - 2012-11-14 22:12 - 00217600 _____ () C:\Program Files\Lexmark\LMADG\LMabmini.dll
2010-07-21 00:21 - 2010-03-15 14:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-16 17:08 - 2009-06-22 02:26 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2011-02-08 20:56 - 2011-02-08 20:56 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2011-10-16 17:08 - 2009-07-13 23:50 - 00325120 _____ () C:\Program Files\TeraCopy\TeraCopy.dll
2013-04-05 14:27 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files\Lexmark S410 Series\LMADGmon.exe
2013-04-05 14:27 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files\Lexmark S410 Series\lmabdrs.dll
2013-04-05 14:27 - 2012-08-07 07:40 - 00645296 _____ () C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
2013-04-05 14:27 - 2012-08-07 07:37 - 00217088 _____ () C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
2014-04-09 09:16 - 2014-04-01 21:57 - 00065352 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2012-11-14 22:12 - 2012-11-14 22:12 - 00888832 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADGQ4Z.DLL
2012-11-14 22:12 - 2012-11-14 22:12 - 01805312 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADGQUE.DLL
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () E:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () E:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-06-24 13:20 - 2013-06-24 13:20 - 01956800 _____ () C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
2012-02-20 16:50 - 2004-09-26 17:35 - 02768896 _____ () C:\Program Files\GPLGS\gsdll32.dll
2014-04-09 09:16 - 2014-04-01 21:57 - 00674632 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 09:16 - 2014-04-01 21:57 - 00093000 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 09:16 - 2014-04-01 21:57 - 04081480 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 09:16 - 2014-04-01 21:58 - 00390472 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 09:16 - 2014-04-01 21:57 - 01647432 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-09 09:16 - 2014-04-01 21:58 - 13691720 _____ () C:\Users\Way\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\$NtUninstallKB17194$:SummaryInformation
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35048670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35048670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Way^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: 433F2230225CBFC9339AC380E9991C101237BA5C._service_run => "C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: tsnp2uvc => C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe

==================== Faulty Device Manager Devices =============

Name: MpKslbb21eba2
Description: MpKslbb21eba2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslbb21eba2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 06:03:08 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/25/2014 06:02:44 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/25/2014 02:02:45 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/25/2014 02:02:18 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/24/2014 08:45:30 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/24/2014 08:44:57 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/24/2014 03:49:58 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/24/2014 03:49:20 PM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/24/2014 11:46:54 AM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (04/24/2014 11:46:30 AM) (Source: MsiInstaller) (User: Rebirth)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Way\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.


System errors:
=============
Error: (04/25/2014 06:14:14 PM) (Source: Service Control Manager) (User: )
Description: The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

Error: (04/25/2014 02:02:13 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/25/2014 01:59:54 PM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2

Error: (04/24/2014 11:24:21 PM) (Source: Service Control Manager) (User: )
Description: The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

Error: (04/24/2014 09:07:10 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.173.549.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (04/24/2014 07:25:04 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/23/2014 02:58:17 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/21/2014 05:17:09 PM) (Source: Service Control Manager) (User: )
Description: The Foxit Cloud Safe Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/21/2014 04:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (04/21/2014 04:49:36 PM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/05/2014 11:25:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/25/2013 01:04:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 31886 seconds with 300 seconds of active time. This session ended with a crash.

Error: (09/15/2013 10:46:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/03/2013 03:19:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1937 seconds with 840 seconds of active time. This session ended with a crash.

Error: (03/02/2013 08:46:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37639 seconds with 14760 seconds of active time. This session ended with a crash.

Error: (10/30/2012 11:56:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27177 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/27/2012 03:45:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3748 seconds with 1920 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 2012.8 MB
Available physical RAM: 560.06 MB
Total Pagefile: 4025.61 MB
Available Pagefile: 1397.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:7.39 GB) NTFS
Drive d: (Files) (Fixed) (Total:181.53 GB) (Free:158.81 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:20.51 GB) (Free:14.63 GB) NTFS
Drive f: (Scratch Disk) (Fixed) (Total:39.06 GB) (Free:20.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8A427EA7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=241 GB) - (Type=OF Extended)

==================== End Of Log ============================

Juliet
2014-04-26, 02:59
What is AnyProtect?
AnyProtect by ClickMeIn Limited is a potentially unwanted program run by ironSource, a known distributor of web browser extensions and toolbars.
It is advised you uninstall/remove AnyProtect.

The below script I have created will also reboot your computer, please don't be alarmed.


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)



start
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
BHO: RebateRobot BHO - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF user.js: detected! => C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml
CHR HKLM\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx [2012-05-24]
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
C:\Program Files\SearchProtect
C:\Program Files\Optimizer Pro
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
Task: {1DAF1A63-900B-428F-A614-240523BEC0FD} - System32\Tasks\At3 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {29C80397-D1CA-4C60-B84F-DD19B539D0D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} - System32\Tasks\At2 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} - System32\Tasks\At1 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\At2.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\At3.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
C:\Program Files\Optimizer Pro\OptProCrash.dll
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.


Close all open windows and browsers.



Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.



Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.
~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.


Please post:
Fixlog.txt
AdwCleaner[R0].txt
JRT.txt

AudjM
2014-04-26, 03:39
Thank you Juliet,

I will run this tomorrow afternoon.
One question - how do I disable my protective software?
I have never done so before.

Thank you

Juliet
2014-04-26, 13:44
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).

AudjM
2014-04-28, 00:55
Thanks Juliet,
I am going to turn computer protection back on. Please let me know if I need to turn it off again for any upcoming steps.

FIXLOG.TXT


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
Ran by Way at 2014-04-27 18:05:34 Run:1
Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
BHO: RebateRobot BHO - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF user.js: detected! => C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF SearchPlugin: C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml
CHR HKLM\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx [2012-05-24]
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
C:\Program Files\SearchProtect
C:\Program Files\Optimizer Pro
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
Task: {1DAF1A63-900B-428F-A614-240523BEC0FD} - System32\Tasks\At3 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {29C80397-D1CA-4C60-B84F-DD19B539D0D4} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} - System32\Tasks\At2 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: {E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} - System32\Tasks\At1 => C:\Users\Way\AppData\Local\Temp\e2inst.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\At2.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
Task: C:\Windows\Tasks\At3.job => C:\Users\Way\AppData\Local\Temp\e2inst.exe
C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
C:\Program Files\Optimizer Pro\OptProCrash.dll
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Reboot:
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} => Key deleted successfully.
HKCR\CLSID\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\user.js => Moved successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\searchplugins\safeguard-secure-search.xml => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda => Key deleted successfully.
"C:\Program Files\RebateRobot\rrchrome_im-c1_2_1_2.crx" => File/Directory not found.
ca82e1a5 => Service stopped successfully.
ca82e1a5 => Service deleted successfully.
C:\Program Files\SearchProtect => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DAF1A63-900B-428F-A614-240523BEC0FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DAF1A63-900B-428F-A614-240523BEC0FD} => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29C80397-D1CA-4C60-B84F-DD19B539D0D4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29C80397-D1CA-4C60-B84F-DD19B539D0D4} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB64F41-6AE1-4B85-B9D8-D1AF9039A6DA} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F8A70C5-AF21-4972-89FF-4DDFFDA400E9} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCBC01C7-57C0-4D2A-B9AE-7337EB7171F4} => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8DCFC4B-9945-455A-953D-BA6AA6BCEE3F} => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At2.job not found.
C:\Windows\Tasks\At3.job not found.
"C:\Program Files\Optimizer Pro\OptProCrashSvc.dll" => File/Directory not found.
"C:\Program Files\Optimizer Pro\OptProCrash.dll" => File/Directory not found.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog ====

ADWCLEANER.TXT


# AdwCleaner v3.204 - Report created 27/04/2014 at 18:20:41
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Way - REBIRTH
# Running from : C:\Users\Way\Desktop\__SPY BOT CLEANUP\ADWCLEANER\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Windows\Tasks\APSnotifierPP1.job
File Found : C:\Windows\Tasks\APSnotifierPP2.job
File Found : C:\Windows\Tasks\APSnotifierPP3.job
Folder Found : C:\Program Files\003
Folder Found : C:\Program Files\GamesBar
Folder Found : C:\Program Files\orbitdownloader
Folder Found : C:\Users\Way\.android
Folder Found : C:\Users\Way\AppData\Local\emaze
Folder Found : C:\Users\Way\AppData\Local\Webinternetsecurity
Folder Found : C:\Users\Way\AppData\Roaming\digitalsite
Folder Found : C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\isreaditlater@ideashower.com
Folder Found : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\FoxTab
Folder Found : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\StumbleUpon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\Software\LevelQualityWatcher
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Found : HKLM\Software\Orbit
Key Found : HKLM\Software\visualbee
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=once+upon+a+time&ac_posn=-1&ac_rec=true&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317822&octid=EB_ORIGINAL_CTID&ISID=M785A6931-084E-460B-9F5E-4A1647B6C37F&SearchSource=58&CUI=&UM=5&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://s8int.com/search.htm?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=32&cntnt01searchinput={searchTerms}&cntnt01origreturnid=43&cntnt01modules=CGBlog
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [6376 octets] - [27/04/2014 18:20:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6436 octets] ##########


JRT.TXT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Way on Sun 04/27/2014 at 18:40:41.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-video-cutter_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F3369E5-BDE0-4A5C-8BA7-6E822CA5B8FB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Way\AppData\Roaming\digitalsite"
Successfully deleted: [Folder] "C:\Users\Way\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\gamesbar"
Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"



~~~ FireFox

Successfully deleted the following from C:\Users\Way\AppData\Roaming\mozilla\firefox\profiles\1t8q293v.default\prefs.js

user_pref("browser.bdtoolbar.search_searchbar", false);
user_pref("extensions.vidbar.search_searchbox_welcomeshown", true);
Emptied folder: C:\Users\Way\AppData\Roaming\mozilla\firefox\profiles\1t8q293v.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/27/2014 at 18:42:21.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-04-28, 11:45
That located a good deal of bad files.

Yes, please remember to turn your computer security back on after running the scans.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete this time click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes AntiMalware recently had a program update.
You can download the newest version over the top of the one you have or download and install again.

http://www.malwarebytes.org/update/

Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/update/) to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log


Please post these 2 logs.

Also, can you give me an update on how the computer is now?

AudjM
2014-04-28, 23:32
"That located a good deal of bad files.
Yes, please remember to turn your computer security back on after running the scans."

Thanks Juliet...my computer seems to be running more quickly now! :thanks:

Here are the logs below:

ADWCLEANER[S1].TXT


# AdwCleaner v3.204 - Report created 28/04/2014 at 14:52:47
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Way - REBIRTH
# Running from : C:\Users\Way\Desktop\__SPY BOT CLEANUP\ADWCLEANER\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Way\.android
Folder Deleted : C:\Users\Way\AppData\Local\emaze
Folder Deleted : C:\Users\Way\AppData\Local\Webinternetsecurity
Folder Deleted : C:\Users\Way\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\FoxTab
Folder Deleted : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\StumbleUpon
Folder Deleted : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\Extensions\isreaditlater@ideashower.com
File Deleted : C:\Users\Way\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Windows\Tasks\APSnotifierPP1.job
File Deleted : C:\Windows\Tasks\APSnotifierPP2.job
File Deleted : C:\Windows\Tasks\APSnotifierPP3.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\LevelQualityWatcher

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Way\AppData\Roaming\Mozilla\Firefox\Profiles\1t8q293v.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=once+upon+a+time&ac_posn=-1&ac_rec=true&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317822&octid=EB_ORIGINAL_CTID&ISID=M785A6931-084E-460B-9F5E-4A1647B6C37F&SearchSource=58&CUI=&UM=5&UP=SP327F139D-46F8-41E7-9C73-DB0910C4D992&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://s8int.com/search.htm?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=32&cntnt01searchinput={searchTerms}&cntnt01origreturnid=43&cntnt01modules=CGBlog
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [6516 octets] - [27/04/2014 18:20:41]
AdwCleaner[R1].txt - [4426 octets] - [28/04/2014 14:47:47]
AdwCleaner[S0].txt - [4423 octets] - [28/04/2014 14:52:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4483 octets] ##########

MalBytesware Scan Log 4-28-2014.txt

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/28/2014
Scan Time: 5:11:26 PM
Logfile: MalBytesware Scan Log 4-28-2014.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.28.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Way

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285577
Time Elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2014-04-29, 01:46
"Thanks Juliet...my computer seems to be running more quickly now!"

Good deal!

We'll check for remnants now.

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

~~~~~~~~~~~~~~~~~~~~~~~~~

The below online scanner can take quite a while to run, depending on how full your computer is. Please have patience.

Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

AudjM
2014-04-30, 03:43
Hi...I noticed a message that said 'Checkpoint antivirus program was detected' before the ESET program began to run.

ESETSCAN.TXT

C:\FRST\Quarantine\C\Program Files\Optimizer Pro\OptProCrash.dll probably a variant of Win32/SProtector.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Optimizer Pro\OptProCrashSvc.dll a variant of Win32/SProtector.D potentially unwanted application
C:\Users\Way\AppData\Local\nsoE3E3.tmp Win32/AnyProtect.D potentially unwanted application
C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000002 a variant of Win32/DomaIQ.BB potentially unwanted application
D:\Docs\Documents\Downloads\ARO2011_tbt.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\DOWNLOADS\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\DOWNLOADS\OrbitDownloaderSetup.exe Win32/OpenCandy potentially unsafe application
E:\DOWNLOADS\Player-Chrome.exe a variant of Win32/AdWare.iBryte.W application
E:\DOWNLOADS\Player.exe a variant of Win32/DomaIQ.BB potentially unwanted application
E:\notesholder\cbsidlm-tr1_11-NotesHolder-SEO-34179.exe Win32/DownloadAdmin.G potentially unwanted application
F:\Mom_CopiedFromOmnitron\Docs\Downloads\ARO2011_tbt.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

Juliet
2014-04-30, 12:49
Hi...I noticed a message that said 'Checkpoint antivirus program was detected' before the
ESET program began to run.

From what I can find it installs with ZoneAlarm? Ever had that on the computer?
I can't see any reference to it in your logs.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
C:\Users\Way\AppData\Local\nsoE3E3.tmp
C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000002
D:\Docs\Documents\Downloads\ARO2011_tbt.exe
E:\DOWNLOADS\ccsetup410.exe
E:\DOWNLOADS\OrbitDownloaderSetup.exe
E:\DOWNLOADS\Player-Chrome.exe
E:\DOWNLOADS\Player.exe
E:\notesholder\cbsidlm-tr1_11-NotesHolder-SEO-34179.exe
F:\Mom_CopiedFromOmnitron\Docs\Downloads\ARO2011_tbt.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~`

Please run this security check for my review.

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


~~~~~~~~~~~~~~~~~`

Download HijackThis

Go Here (http://www.bleepingcomputer.com/download/hijackthis/dl/90/) to download HijackThis program
Save HijackThis to your desktop.
Right Click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
Copy and paste the HijackThis report into the topic

"information and logs"



In your next post I need the following
Fixlog.txt
checkup.txt
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?
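
The fixlist in the post above contains every path from the ESET report except the two already sitting under C:\FRST\Quarantine. The following is an added example, not part of the original thread and not FRST's or ESET's own code, that parses the posted report and derives the same fixlist; the line layout it assumes is inferred only from the report lines posted here, and the function names are hypothetical.

```python
import re
from collections import Counter

# ESETSCAN.TXT exactly as posted earlier in this thread.
ESET_REPORT = r"""
C:\FRST\Quarantine\C\Program Files\Optimizer Pro\OptProCrash.dll probably a variant of Win32/SProtector.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Optimizer Pro\OptProCrashSvc.dll a variant of Win32/SProtector.D potentially unwanted application
C:\Users\Way\AppData\Local\nsoE3E3.tmp Win32/AnyProtect.D potentially unwanted application
C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000002 a variant of Win32/DomaIQ.BB potentially unwanted application
D:\Docs\Documents\Downloads\ARO2011_tbt.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\DOWNLOADS\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\DOWNLOADS\OrbitDownloaderSetup.exe Win32/OpenCandy potentially unsafe application
E:\DOWNLOADS\Player-Chrome.exe a variant of Win32/AdWare.iBryte.W application
E:\DOWNLOADS\Player.exe a variant of Win32/DomaIQ.BB potentially unwanted application
E:\notesholder\cbsidlm-tr1_11-NotesHolder-SEO-34179.exe Win32/DownloadAdmin.G potentially unwanted application
F:\Mom_CopiedFromOmnitron\Docs\Downloads\ARO2011_tbt.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
"""

# Assumed layout (from the lines above):
#   <path> [probably] [a variant of] <Platform/Name> [potentially unwanted|unsafe] application
# Paths contain spaces, so the path is matched lazily up to the detection name,
# which is the only token on the line that contains a forward slash.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<category>(?:potentially (?:unwanted|unsafe) )?application)$"
)


def parse_report(text):
    """Return (detections, unparsed_lines); nothing is silently dropped."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            unparsed.append(line)  # keep for manual review
            continue
        detections.append({
            "path": m.group("path"),
            "qualifier": m.group("qualifier").strip(),
            "name": m.group("name"),
            "category": m.group("category"),
        })
    return detections, unparsed


def is_under(path, root):
    """Case-insensitive 'path is inside root' test for Windows-style paths."""
    return path.lower().startswith(root.rstrip("\\").lower() + "\\")


def build_fixlist(detections, quarantine_root=r"C:\FRST\Quarantine", reboot=True):
    """Build fixlist text in the start / paths / Reboot: / end shape used in the post.

    Files already inside the quarantine folder are skipped, as are duplicates.
    """
    lines, seen = ["start"], set()
    for det in detections:
        key = det["path"].lower()
        if is_under(det["path"], quarantine_root) or key in seen:
            continue
        seen.add(key)
        lines.append(det["path"])
    if reboot:
        lines.append("Reboot:")
    lines.append("end")
    return "\n".join(lines)


def count_by_category(detections):
    """Tally detections by ESET's category wording."""
    return Counter(det["category"] for det in detections)


if __name__ == "__main__":
    found, skipped = parse_report(ESET_REPORT)
    print(count_by_category(found))
    print(build_fixlist(found))
    if skipped:
        print("Lines needing manual review:", skipped)
```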

AudjM
2014-04-30, 22:19
Hi Julia. I've never seen Checkpoint or Zone Alarm pgms before. I've never downloaded them. I first was aware of Checkpoint yesterday when beginning to run the ESET program.

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-04-2014 03
Ran by Way at 2014-04-30 15:06:18 Run:2
Running from C:\Users\Way\Desktop\__SPY BOT CLEANUP\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Way\AppData\Local\nsoE3E3.tmp
C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000002
D:\Docs\Documents\Downloads\ARO2011_tbt.exe
E:\DOWNLOADS\ccsetup410.exe
E:\DOWNLOADS\OrbitDownloaderSetup.exe
E:\DOWNLOADS\Player-Chrome.exe
E:\DOWNLOADS\Player.exe
E:\notesholder\cbsidlm-tr1_11-NotesHolder-SEO-34179.exe
F:\Mom_CopiedFromOmnitron\Docs\Downloads\ARO2011_tbt.exe
Reboot:
end
*****************

C:\Users\Way\AppData\Local\nsoE3E3.tmp => Moved successfully.
C:\Users\Way\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000002 => Moved successfully.
D:\Docs\Documents\Downloads\ARO2011_tbt.exe => Moved successfully.
E:\DOWNLOADS\ccsetup410.exe => Moved successfully.
E:\DOWNLOADS\OrbitDownloaderSetup.exe => Moved successfully.
E:\DOWNLOADS\Player-Chrome.exe => Moved successfully.
E:\DOWNLOADS\Player.exe => Moved successfully.
E:\notesholder\cbsidlm-tr1_11-NotesHolder-SEO-34179.exe => Moved successfully.
F:\Mom_CopiedFromOmnitron\Docs\Downloads\ARO2011_tbt.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

CHECKUP


Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 31
Java 7 Update 25
Java(TM) SE Development Kit 6 Update 24
Java DB 10.6.2.1
Java version out of Date!
Adobe Flash Player 13.0.0.206
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (28.0)
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:57 PM, on 4/30/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Way\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark S410 Series\LMADGmon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\CaptureIt Plus\CaptureItPlus.exe
C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Akamai\netsession_win.exe
E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
C:\Users\Way\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Way\Desktop\__SPY BOT CLEANUP\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [LMADGmon] "C:\Program Files\Lexmark S410 Series\LMADGmon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\Netwaiting\netWaiting.exe"
O4 - HKCU\..\Run: [CaptureItPlus] C:\Program Files\CaptureIt Plus\CaptureItPlus.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Way\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
O4 - HKCU\..\Run: [LMADGmon] "C:\Program Files\Lexmark S410 Series\LMADGmon.exe"
O4 - HKCU\..\Run: [433F2230225CBFC9339AC380E9991C101237BA5C._service_run] "C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [iCloudServices] E:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] E:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 7 Sticky Notes.lnk = C:\Program Files\7 Sticky Notes\7StickyNotes.exe
O4 - Startup: ACTPrinter Win.lnk = Way\AppData\Local\Programs\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
O4 - Startup: Dropbox.lnk = Way\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: QuickMenu.lnk = C:\Program Files\QuickMenu\QuickMenu.exe
O4 - Global Startup: ACTPrinter Win.lnk = C:\Program Files\Houdah Software\ACTPrinter Win Client\ACTPrinter Win.exe
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
O23 - Service: Palm TCP Relay (Palm_TCP_Relay) - Unknown owner - C:\Program Files\HP webOS\PDK\tcprelay.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Way\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\Way\AppData\Roaming\VOPackage\VOsrv.exe (file missing)

--
End of file - 13532 bytes

Juliet
2014-04-30, 23:11
Check Windows Update and see if there was a recent update for Microsoft Security Essentials.


We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
We can reenable it when we're done.


Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/mode.png and then on "Advanced Mode"
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/advanced%20mode.png
You may be presented with a warning dialog. If so, press http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/btnYes.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/tools.png
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/resident.png
Uncheck this checkbox:
http://billy-oneal.com/Canned%20Speeches/speechimages/teatimer/teatimercheck.png
Close/Exit Spybot Search and Destroy


~~~~~~~~~~~~~


Uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 10.1.9
Java(TM) 6 Update 31
Java 7 Update 25



Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run. If prompted again click Yes
When the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
When prompted click on Yes and then on Next.
Put a check on any folders that are found and select Delete
When prompted select Yes then on Next
Once done click Finish.


~~~~~~~~~~~~~~~~

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
Please uncheck McAfee Security scan

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here (http://www.foxitsoftware.com/pdf/reader/addons.php). It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


************

Update Java

http://java.com/en/download/index.jsp
----------

See this page (http://www.java.com/en/download/help/5000020300.xml) for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked


Downloaded Applets
Downloaded Applications
Installed Applications and Applets


Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

----------

C:\Users\Way\Desktop\__SPY BOT CLEANUP\HIJACKTHIS\HijackThis.exe
This won't work. HJT needs to be in its own folder to create backups.

Right click desktop> choose "new"> then New folder.
Call that folder Hijack or similar.
Right click C:\Users\Way\Desktop\__SPY BOT CLEANUP\HIJACKTHIS\HijackThis.exe - choose "cut".
Open your new Hijack folder, right click in blank spot then click "paste"

What we can do below is to disable a few startup entries to speed loading at startup.
All information can be found here http://www.bleepingcomputer.com/startups/




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Way\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [433F2230225CBFC9339AC380E9991C101237BA5C._service_run] "C:\Users\Way\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 7 Sticky Notes.lnk = C:\Program Files\7 Sticky Notes\7StickyNotes.exe
O4 - Startup: Dropbox.lnk = Way\AppData\Roaming\Dropbox\bin\Dropbox.exe


Reboot the computer to set the registry.

Please post back and give me an update on how the computer is now.
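
The post above asks for specific lines to be ticked in a fresh HijackThis scan. The following is an added example, not part of the original thread and not HijackThis's own code, that parses scan lines in the format shown in the posted log, flags entries whose target is reported as "(no file)" or "(file missing)" and services listed with "Unknown owner", and matches a fix list against the scan; function names are hypothetical and the last fix-list line is constructed.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread (subset).
HJT_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Way\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\Way\AppData\Roaming\VOPackage\VOsrv.exe (file missing)
"""

# Four lines from the helper's list in the post above (the Sidebar line is given
# extra spaces, as a copy/paste might), plus one constructed line that is not in
# the scan, to show how a non-matching entry is reported.
FIX_LIST = r"""
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [Sidebar]   C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ExampleUpdater] C:\Example\updater.exe
"""

# A scan entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks a dangling reference at the end of the line.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Parse scan entries; header and process-list lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m is None:
            continue
        code, body = m.group("code"), m.group("body")
        flags = []
        if ORPHAN.search(body):
            flags.append("orphaned")        # registry entry points at nothing
        if code == "O23" and " - Unknown owner - " in body:
            flags.append("unknown-owner")   # service binary has no vendor string
        entries.append({"code": code, "body": body, "flags": flags})
    return entries


def normalize(line):
    """Collapse whitespace and case so pasted lines still match the scan."""
    return " ".join(line.split()).casefold()


def match_fix_list(log_text, fix_text):
    """Return (entries_to_check, fix_lines_not_in_scan)."""
    by_key = {
        normalize(f"{e['code']} - {e['body']}"): e for e in parse_entries(log_text)
    }
    to_check, not_found = [], []
    for raw in fix_text.splitlines():
        if not raw.strip():
            continue
        entry = by_key.get(normalize(raw))
        if entry is None:
            not_found.append(raw.strip())   # never tick something that is not there
        else:
            to_check.append(entry)
    return to_check, not_found


if __name__ == "__main__":
    for e in parse_entries(HJT_LOG):
        if e["flags"]:
            print(e["code"], ",".join(e["flags"]), "->", e["body"])
    ticks, missing = match_fix_list(HJT_LOG, FIX_LIST)
    print(len(ticks), "entries to tick;", len(missing), "not present in this scan")
```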

AudjM
2014-05-02, 02:55
Hi Juliet..I got to the Update Adobe Reader section, I got the message below and couldn't continue.
(However, my son already has the Foxit Reader installed on the Computer)

Msg:

An error has occurred in the script....
Line 883
char 37217
Error: File name or class not found during Automation operation
Code 0
URL http//177.0.0.153653/app/_js/main-merge.js

Do you want to continue ?

Y or N

Yes or No do not work, process halts - can't click Next

Juliet
2014-05-02, 03:26
Try this adobe troubleshooting link.
http://helpx.adobe.com/acrobat/kb/troubleshoot-errors-freezes-reader-windows.html

Can you do the other instructions?

AudjM
2014-05-05, 00:59
Try this adobe troubleshooting link.
http://helpx.adobe.com/acrobat/kb/troubleshoot-errors-freezes-reader-windows.html

Can you do the other instructions?

Hi..this didn't go well. Besides problem with Adobe, the Java update gave an error message (javea download failed): http// havadl.oracle.com\webapps\download\getfile\1.7.0-ss-b14..............
I can paste a screen print of msg if you like. Also, following instructions for Java Control panel for Windows 7 - did not work. I could not get Java Control panel to show up.

Also, did not run Hijacker because I am confused about program on Bleeping Computer's Start-up entries page - am I supposed to run that program before Hijack?

I am also confused about the entries below 'HijackThis, Click Do a system scan only'. So the items listed appear on the screen after Hijack runs and are they to be checked off on the screen somehow?

Juliet
2014-05-05, 01:22
OK, the uninstalls did not complete.


download JavaRa (http://raproducts.org/click/click.php?id=1)


Next
Right click the JavaRa.zip and select Extract All
Once extracted, open and run JavaRa.exe
When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
Exit the tool when complete.


download the latest version of the Java Runtime Environment from here (http://java.com/en/),

Restart the computer then install the new Java package.

~~~~~~~~~~~~~~~~

Please read over the troubleshooting link for Adobe
http://helpx.adobe.com/x-productkb/global/troubleshoot-download-problems.html

~~~~~~~~~~~~~~~~~~~~~~~~~

Also, did not run Hijacker because I am confused about program on Bleeping Computer's Start-up entries page - am I supposed to run that program before Hijack?

I am also confused about the entries below 'HijackThis, Click Do a system scan only'. So the items listed appear on the screen after Hijack runs and are they to be checked off on the screen somehow?

I've already checked the start up entries, they are safe to disable at startup. The BleepingComputer site is a check resource for individuals who want to double check to see if it's safe to disable. I provided the link in case you wanted to check it for yourself.

Open HJT and click run a system scan, a log will appear with check boxes at each entry. If you check against the list I provided you can allow HJT to disable those or....you can just leave them as they are. It was done to boost startup times.

AudjM
2014-05-06, 21:43
I was on the download page for Java Runtime Environment, but did not see an option for Windows 7 / 32 bit
link to page - http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html



Juliet
2014-05-06, 23:04
Try this link
https://www.java.com/en/download/

AudjM
2014-05-08, 03:27
Try this link
https://www.java.com/en/download/


I ran the Java download from the link above, it completed normally.

Ran JavaRa.exe - logfile was created (should I send copy?)
Removed useless JRE files

Ran HijackThis - System Scan Only
Check off files on list and ran Fix Checked option

Restarted Computer, seems fine



Adobe lets me view files, but I get a msg saying that the 'licensing for the product has stopped working'
I have been using the Foxit program instead of Adobe reader, but it's not on computer now.
Should I download it again? I haven't used Adobe reader for ages.

Juliet
2014-05-08, 11:40
Yes, Foxit is a very good alternative.

Let's remove tools and quarantine folders now.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.




start
DeleteQuarantine:
end

~~~~~~~~~~~~~~~~~~~~

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore

Click Run




Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

~~~~~~~~~~~~~~~~~~

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles.

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector (http://secunia.com/software_inspector) or you can use the following application for this purpose: PatchMyPC (http://www.patchmypc.net/)

AudjM
2014-05-09, 19:21
Thank you for your help Juliet

I am downloading your recommendations and reading the material you sent.

Should I use the Firefox browser only and not use Google Chrome?

Should I disable Java?

Juliet
2014-05-09, 19:40
Thank you for your help Juliet

I am downloading your recommendations and reading the material you sent.

Should I use the Firefox browser only and not use Google Chrome?

Should I disable Java?

You're welcome

I prefer Firefox, but many prefer Google Chrome, it becomes your choice.

I use NoScript (Firefox addon and MyWot) as described here, https://addons.mozilla.org/en-US/firefox/addon/noscript/
it's an added measure of protection.