ADS by Info seems somehow to have gotten onto my PC, causing my PC to start running very slowly. I also notice that a program called Search Protect is installed which, upon researching it, seems like a program I do not want; however, I could not find a way to remove it. I also had myPCBackup on, but I believe I successfully removed it using SpyBot.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 17:11 - 2014-12-14 17:11 - 00030047 _____ () C:\Users\rober_000\Desktop\FRST.txt
2014-12-14 17:10 - 2014-12-14 17:10 - 00000000 ____D () C:\Users\rober_000\Desktop\FRST-OlderVersion
2014-12-14 17:05 - 2014-12-14 17:05 - 00001744 _____ () C:\Users\rober_000\Desktop\aswMBR.txt
2014-12-14 17:05 - 2014-12-14 17:05 - 00000512 _____ () C:\Users\rober_000\Desktop\MBR.dat
2014-12-14 06:53 - 2014-12-14 17:10 - 02119680 _____ (Farbar) C:\Users\rober_000\Desktop\FRST64.exe
2014-12-14 06:52 - 2014-12-14 06:52 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ACERV3-531-Microsoft-Windows-8.1-(64-bit).dat
2014-12-14 06:46 - 2014-12-14 06:46 - 00000000 ____D () C:\RegBackup
2014-12-14 06:45 - 2014-12-14 06:45 - 05198336 _____ (AVAST Software) C:\Users\rober_000\Desktop\aswMBR.exe
2014-12-14 06:44 - 2014-12-14 06:44 - 05198336 _____ (AVAST Software) C:\Users\rober_000\Downloads\aswMBR.exe
2014-12-14 06:44 - 2014-12-14 06:44 - 00000347 _____ () C:\Users\rober_000\Desktop\tweaking.com_registry_backup_setup.exe.htm
2014-12-14 06:28 - 2014-12-14 17:11 - 00000000 ____D () C:\FRST
2014-12-14 06:28 - 2014-12-14 06:28 - 00002259 _____ () C:\Users\rober_000\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-14 06:28 - 2014-12-14 06:28 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-14 06:27 - 2014-12-14 06:27 - 02119168 _____ (Farbar) C:\Users\rober_000\Downloads\FRST64.exe
2014-12-14 06:27 - 2014-12-14 06:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-14 06:25 - 2014-12-14 06:26 - 04215584 _____ () C:\Users\rober_000\Downloads\tweaking.com_registry_backup_setup.exe
2014-12-12 12:05 - 2014-12-12 12:05 - 00000879 _____ () C:\Users\rober_000\AppData\Local\recently-used.xbel
2014-12-12 05:33 - 2014-12-12 05:33 - 00000000 ____D () C:\Users\rober_000\.thumbnails
2014-12-12 05:32 - 2014-12-12 05:32 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HFSExplorer
2014-12-12 05:32 - 2014-12-12 05:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HFSExplorer
2014-12-12 05:32 - 2014-12-12 05:32 - 00000000 ____D () C:\Program Files (x86)\HFSExplorer
2014-12-12 05:29 - 2014-12-12 05:29 - 01637431 _____ () C:\Users\rober_000\Downloads\hfsexplorer-0.22.1-setup.exe
2014-12-12 00:03 - 2014-12-12 00:30 - 00000000 ____D () C:\Users\rober_000\Documents\CW Investigation
2014-12-11 14:35 - 2014-12-11 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-10 22:31 - 2014-12-10 22:31 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-10 20:39 - 2014-12-10 20:39 - 00002242 _____ () C:\Users\rober_000\AppData\Roaming\Microsoft\Windows\Start Menu\Skype for desktop.lnk
2014-12-10 19:43 - 2014-12-10 19:43 - 01522656 _____ (Object Browser) C:\Users\rober_000\AppData\Roaming\HFMOH.exe
2014-12-10 19:41 - 2014-12-14 03:23 - 00001722 _____ () C:\WINDOWS\Tasks\OMLOJFA.job
2014-12-10 19:41 - 2014-12-11 01:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-10 19:41 - 2014-12-10 19:41 - 01997280 _____ (Object Browser) C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe
2014-12-10 19:41 - 2014-12-10 19:41 - 00004740 _____ () C:\WINDOWS\System32\Tasks\OMLOJFA
2014-12-10 19:41 - 2014-12-10 19:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\YTDownloader
2014-12-10 19:41 - 2014-12-10 19:41 - 00000000 ____D () C:\Users\rober_000\AppData\Local\globalUpdate
2014-12-10 19:41 - 2014-12-10 19:41 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-10 19:37 - 2014-12-10 22:34 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-10 19:37 - 2014-12-10 19:37 - 00004026 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-12-10 19:37 - 2014-12-10 19:37 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-10 19:37 - 2014-12-10 19:37 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-12-10 19:34 - 2014-12-10 19:34 - 00605416 _____ () C:\Users\rober_000\Downloads\plist editor pro 2.1 windows__2789_i1421569593_il668064.exe
2014-12-10 17:29 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 17:29 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 17:29 - 2014-10-13 02:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 17:29 - 2014-10-13 02:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 17:29 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 17:29 - 2014-10-13 02:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 17:28 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 17:28 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 17:28 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 17:28 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 17:28 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 17:27 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 17:27 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 17:27 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 17:27 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 17:27 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 17:27 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 17:27 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 17:27 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 17:27 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 17:27 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 17:27 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 17:27 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 17:27 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 17:27 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 17:27 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 17:27 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 17:27 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 17:27 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 17:27 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 17:27 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 17:27 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 17:27 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 17:27 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 17:27 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 17:27 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 17:27 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 17:27 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 17:27 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 17:27 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 17:27 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 17:27 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 17:27 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 17:27 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 17:27 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 00:13 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2014-12-09 00:13 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2014-12-09 00:13 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2014-12-08 17:46 - 2014-12-08 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-08 17:46 - 2014-12-08 17:46 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-08 16:27 - 2014-12-11 08:43 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\autopsy
2014-12-08 14:29 - 2014-12-08 14:29 - 00001907 _____ () C:\Users\Public\Desktop\Autopsy 3.1.1.lnk
2014-12-08 14:27 - 2014-12-08 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autopsy
2014-12-08 14:27 - 2014-12-08 14:29 - 00000000 ____D () C:\Program Files\Autopsy-3.1.1
2014-12-08 14:15 - 2014-12-08 14:16 - 298099712 _____ () C:\Users\rober_000\Downloads\autopsy-3.1.1-64bit.msi
2014-12-06 21:29 - 2014-12-06 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\North and South
2014-12-06 20:57 - 2014-12-06 21:25 - 671417444 _____ (Antietam Studios ) C:\Users\rober_000\Downloads\NaS_Setup.exe
2014-12-03 14:29 - 2014-12-03 14:29 - 00000000 ____D () C:\Users\rober_000\Documents\Klei
2014-12-03 14:29 - 2014-12-03 14:29 - 00000000 ____D () C:\Users\rober_000\AppData\Local\FLT
2014-12-03 09:46 - 2014-12-03 09:46 - 00014137 _____ () C:\Users\rober_000\Downloads\Test.cs
2014-12-03 04:30 - 2014-12-03 04:30 - 00002992 _____ () C:\Users\rober_000\Documents\code snippets.txt
2014-12-03 02:25 - 2014-12-03 03:03 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-03 02:25 - 2014-12-03 02:25 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-03 02:25 - 2014-12-03 02:25 - 00001051 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-02 17:57 - 2014-12-02 17:59 - 00000000 ____D () C:\Users\rober_000\Downloads\The Hunger Games Mockingjay Pt. 1 (Original Soundtrack)
2014-12-02 11:12 - 2014-12-12 12:19 - 00000000 ____D () C:\Users\rober_000\.gimp-2.8
2014-12-02 11:12 - 2014-12-02 11:12 - 00000000 ____D () C:\Users\rober_000\AppData\Local\gegl-0.2
2014-12-02 11:03 - 2014-12-02 11:03 - 00000914 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-12-02 11:01 - 2014-12-02 11:03 - 00000000 ____D () C:\Program Files\GIMP 2
2014-12-01 20:32 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-12-01 20:32 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-12-01 20:32 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2014-12-01 20:32 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-12-01 20:32 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-12-01 20:32 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-12-01 20:32 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-12-01 20:32 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2014-12-01 20:32 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2014-12-01 19:04 - 2014-12-01 19:04 - 00002053 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-12-01 19:04 - 2014-12-01 19:04 - 00002044 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-01 19:04 - 2014-12-01 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-01 17:40 - 2014-12-01 17:40 - 00013235 _____ () C:\Users\rober_000\Documents\code2.txt
2014-12-01 17:35 - 2014-12-01 17:35 - 00000756 _____ () C:\Users\rober_000\Documents\272 to 286.txt
2014-12-01 16:40 - 2014-12-01 16:40 - 00013236 _____ () C:\Users\rober_000\Documents\code.txt
2014-12-01 15:51 - 2014-12-01 15:51 - 00045112 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-12-01 11:45 - 2014-12-01 11:46 - 00000000 ____D () C:\Users\rober_000\Downloads\Fury.2014.DVDSCR.X264.AC3-Blackjesus
2014-11-29 23:59 - 2014-11-29 23:59 - 03545091 _____ () C:\Users\rober_000\Downloads\Screen shots.pptx
2014-11-29 02:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2014-11-29 02:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2014-11-29 02:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2014-11-29 02:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2014-11-29 02:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2014-11-29 02:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2014-11-29 02:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2014-11-29 02:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2014-11-29 02:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2014-11-29 02:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2014-11-29 02:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2014-11-29 02:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2014-11-29 02:48 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2014-11-29 02:48 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2014-11-29 02:47 - 2014-12-01 20:32 - 00017993 _____ () C:\WINDOWS\DirectX.log
2014-11-27 02:15 - 2014-11-27 02:15 - 00008051 _____ () C:\Users\rober_000\Documents\code of doom.txt
2014-11-27 01:35 - 2014-11-27 01:35 - 00001834 _____ () C:\Users\rober_000\Documents\probably easier to read this.txt
2014-11-26 23:04 - 2014-11-26 23:04 - 00001945 _____ () C:\Users\rober_000\Desktop\Heroes of Newerth.lnk
2014-11-26 23:04 - 2014-11-26 23:04 - 00000000 ____D () C:\Users\rober_000\Documents\Heroes of Newerth
2014-11-26 23:04 - 2014-11-26 23:04 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
2014-11-26 23:04 - 2014-11-26 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
2014-11-26 22:46 - 2014-11-29 20:38 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2014-11-25 13:21 - 2014-11-25 13:21 - 00000000 ____D () C:\Users\rober_000\Documents\Mount&Blade Warband Savegames
2014-11-25 13:15 - 2014-11-25 13:24 - 00000000 ____D () C:\Users\rober_000\Documents\Mount&Blade Warband
2014-11-25 09:48 - 2014-11-25 09:50 - 00000000 ____D () C:\Users\rober_000\Documents\77y
2014-11-25 09:48 - 2014-11-25 09:49 - 00000000 ____D () C:\Users\rober_000\Documents\Placement Applications
2014-11-25 09:47 - 2014-11-25 09:47 - 00068929 _____ () C:\Users\rober_000\Downloads\Films-2014-11-25.zip
2014-11-21 23:27 - 2014-12-12 05:45 - 00000000 ____D () C:\Users\rober_000\Documents\MAC CW
2014-11-20 15:21 - 2014-11-20 15:21 - 00062219 _____ () C:\Users\rober_000\Downloads\Films-2014-11-20.zip
2014-11-20 03:38 - 2014-11-20 03:38 - 00000000 ____D () C:\Users\rober_000\Downloads\Gmad Extractor
2014-11-20 01:45 - 2014-12-03 11:28 - 00003970 _____ () C:\WINDOWS\setupact.log
2014-11-20 01:45 - 2014-11-20 01:45 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-19 07:37 - 2014-11-09 23:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 07:37 - 2014-11-09 23:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 07:37 - 2014-11-09 23:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 07:37 - 2014-11-09 23:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 17:13 - 2013-09-21 11:05 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\TS3Client
2014-12-14 17:07 - 2013-09-30 23:33 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Skype
2014-12-14 17:05 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-14 07:36 - 2013-09-12 21:52 - 00000000 ____D () C:\Users\rober_000\Documents\Outlook Files
2014-12-14 07:28 - 2013-09-03 20:38 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 07:14 - 2014-04-23 17:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-14 06:40 - 2014-09-04 20:33 - 01722111 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-14 06:33 - 2013-09-03 20:06 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1955128273-2732070504-3654715919-1001
2014-12-14 06:28 - 2013-11-29 03:10 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\ClassicShell
2014-12-14 05:36 - 2014-06-06 15:20 - 00000000 ____D () C:\Users\rober_000\AppData\Local\Popcorn-Time
2014-12-14 04:11 - 2013-09-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-14 03:28 - 2013-09-03 20:38 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 01:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-13 18:01 - 2014-01-30 18:02 - 00000000 ___DO () C:\Users\rober_000\SkyDrive
2014-12-13 17:58 - 2013-09-20 13:10 - 00000000 ___RD () C:\Users\rober_000\Dropbox
2014-12-13 17:57 - 2013-09-20 13:07 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Dropbox
2014-12-13 17:56 - 2014-09-05 18:57 - 00000000 ____D () C:\Users\rober_000\AppData\Local\LogMeIn Hamachi
2014-12-13 17:56 - 2014-02-03 17:44 - 00009034 _____ () C:\WINDOWS\wininit.ini
2014-12-13 17:53 - 2013-12-21 13:44 - 00000000 ____D () C:\pgData91
2014-12-13 17:53 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-13 17:52 - 2014-10-18 07:04 - 00040128 _____ () C:\WINDOWS\PFRO.log
2014-12-13 02:38 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-13 02:36 - 2014-01-30 17:31 - 00000000 ____D () C:\Users\rober_000
2014-12-13 02:36 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-12-13 02:36 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 02:36 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 02:36 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-13 02:36 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 18:04 - 2013-09-03 19:57 - 00000000 ____D () C:\Users\rober_000\AppData\Local\Packages
2014-12-12 16:09 - 2013-10-31 00:06 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\vlc
2014-12-12 14:30 - 2013-09-03 20:39 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 08:45 - 2014-01-19 03:00 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Audacity
2014-12-12 06:07 - 2014-02-19 16:12 - 00000000 ____D () C:\Users\rober_000\AppData\Local\Microsoft Help
2014-12-11 14:51 - 2013-11-14 12:45 - 00913650 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-11 13:18 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-11 13:16 - 2013-09-19 18:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 13:08 - 2013-09-19 18:40 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 07:15 - 2013-09-05 14:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-10 22:37 - 2014-08-29 20:05 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\TeamViewer
2014-12-10 22:34 - 2013-12-03 15:23 - 00000000 ____D () C:\Program Files (x86)\AccessData
2014-12-10 22:32 - 2013-08-22 15:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-10 22:32 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-10 22:29 - 2014-01-30 17:56 - 00001450 _____ () C:\Users\rober_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-10 22:29 - 2014-01-10 11:39 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-10 22:29 - 2014-01-10 11:39 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-10 20:38 - 2013-11-27 22:05 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 20:25 - 2013-08-22 14:44 - 00485360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-10 19:39 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-10 03:09 - 2014-11-10 23:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 03:09 - 2014-01-10 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 18:15 - 2014-04-23 17:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-06 05:31 - 2014-09-10 19:29 - 00000098 _____ () C:\Users\rober_000\.atl.properties
2014-12-06 02:39 - 2013-09-20 12:59 - 00000000 ____D () C:\Users\rober_000\Documents\My Games
2014-12-02 23:02 - 2013-09-26 19:46 - 00000000 ___RD () C:\Users\rober_000\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2014-12-02 22:18 - 2013-09-18 13:52 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\uTorrent
2014-12-01 19:04 - 2014-04-25 21:04 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-01 19:04 - 2014-04-25 21:03 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-01 19:03 - 2012-12-14 02:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-28 01:09 - 2014-02-25 13:25 - 00000000 ____D () C:\Users\rober_000\Documents\Visual Studio 2013
2014-11-26 21:10 - 2014-11-13 10:56 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 21:10 - 2014-11-13 10:56 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 18:51 - 2013-09-30 20:17 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\CodeBlocks
2014-11-24 14:12 - 2014-03-28 23:09 - 00000000 ____D () C:\Users\rober_000\Zomboid
2014-11-24 08:47 - 2013-09-12 21:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-16 03:43 - 2013-09-20 13:10 - 00001045 _____ () C:\Users\rober_000\Desktop\Dropbox.lnk
2014-11-16 03:43 - 2013-09-20 13:09 - 00000000 ____D () C:\Users\rober_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 03:23 - 2013-09-03 20:38 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 03:23 - 2013-09-03 20:38 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rober_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-11-2014 08:26:18 Windows Update
26-11-2014 22:46:16 Installed DirectX
29-11-2014 02:44:39 Installed DirectX
01-12-2014 19:02:27 Installed Hi-Rez Studios Games
08-12-2014 14:17:07 Removed Autopsy

Task: {0B350D20-A675-41C5-85A9-D27862EBA789} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {0EB2A7C2-E949-466F-A2EE-A0190B2FE268} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {127588B8-C7C7-4F0D-925C-6114C13768AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03] (Google Inc.)
Task: {2A051F7F-104E-44BD-800B-9C8AF8320C8A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {34BDCE3C-1461-4D0F-9016-BDA43ED3A1C1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {36C56F62-2521-4BEF-89DC-F6D4DCB44C7E} - \MySearchDial No Task File <==== ATTENTION
Task: {4AC8B08D-B527-49D5-9DFF-AD3169366ABD} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {521FF5A1-FA4F-4838-AA7C-D083919EFFFE} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {5826151E-C18B-485B-BABB-D412351EC97F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {5A0A1550-DD65-4F71-9ABD-EF11A299C7AB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {610B3D20-EC1C-409E-968D-99CD75246523} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6534163C-503F-4EE8-BCAC-58D4BA225B88} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {74073EB1-56FA-4F2C-BEA4-08A18323D836} - System32\Tasks\OMLOJFA => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe [2014-12-10] (Object Browser) <==== ATTENTION
Task: {7AAB3F75-2851-4AF4-A937-29323BD9A804} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {8D8D8DC8-12B5-42A1-9978-70747734D13A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {AB407D31-3406-4419-B424-703A519A04E0} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {AC0C52FE-E66F-4F88-8609-87920F3D2582} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B53085F5-A000-4727-AD35-864A5C4C89A4} - System32\Tasks\Outlook => C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2014-10-14] (Microsoft Corporation)
Task: {BDB0AD9D-F6C4-496A-9704-F7FA985D8E50} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {C99E7333-27EB-4DB5-A964-B4BCE1164DCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CBA6741C-47AF-41DF-8870-C205FB0D8306} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DACF6100-BD5B-46E6-BFF3-C619704175E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03] (Google Inc.)
Task: {DCCEE7DB-4CB8-4616-8AA4-9909636F360E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {E15B4CD7-0F0A-432E-8F78-96244B972DA1} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {EC30C43D-FF6F-4F32-BDC9-37DB37F086EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {F8169CA1-D33B-41D2-9C1C-513E5D73525D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\OMLOJFA.job => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2014-03-12 12:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-02 13:09 - 2014-10-12 16:15 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-07-19 16:38 - 2013-07-19 16:38 - 00228864 _____ () C:\Program Files\AccessData\PostgreSQL\9.1\bin\LIBPQ.dll
2013-07-19 16:38 - 2013-07-19 16:38 - 02258432 _____ () C:\Program Files\AccessData\PostgreSQL\9.1\bin\libxml2.dll
2014-10-20 17:26 - 2014-12-10 19:37 - 00104928 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-09-20 11:06 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-06-22 02:12 - 2012-06-22 02:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-10-20 17:26 - 2014-12-10 19:37 - 00732128 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:47 - 2013-01-28 13:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-26 14:31 - 2013-07-17 13:02 - 00761856 _____ () C:\Program Files (x86)\Gaming Mouse\Monitor.exe
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 23:04 - 2012-08-22 23:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-09-20 10:54 - 2014-11-21 08:37 - 00393376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2012-11-06 12:43 - 2012-11-06 12:43 - 03356816 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2012-11-03 00:38 - 2012-11-03 00:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 00:37 - 2012-11-03 00:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 00:38 - 2012-11-03 00:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 00:37 - 2012-11-03 00:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 00:37 - 2012-11-03 00:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 00:37 - 2012-11-03 00:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 00:37 - 2012-11-03 00:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-02-25 15:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-25 15:17 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-25 15:17 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-25 15:17 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-25 15:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-20 17:26 - 2014-12-10 19:37 - 00022496 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-12-13 17:56 - 2014-12-13 17:56 - 00043008 _____ () c:\Users\rober_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqn5a1r.dll
2013-08-23 19:01 - 2013-08-23 19:01 - 25100288 _____ () C:\Users\rober_000\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-26 14:31 - 2013-05-21 09:40 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll
2014-09-26 14:31 - 2013-01-17 09:04 - 00061440 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll
2013-03-31 00:46 - 2012-06-25 17:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-29 12:09 - 2014-12-01 21:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 12:09 - 2014-12-01 21:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 12:09 - 2014-12-01 21:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 12:09 - 2014-12-01 21:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-08-21 13:18 - 2014-11-11 18:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-11 13:35 - 2014-12-02 00:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-22 14:17 - 2014-12-12 22:27 - 02224832 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-11 13:35 - 2014-12-02 00:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-11 13:35 - 2014-12-02 00:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-29 12:09 - 2014-12-01 21:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-28 12:47 - 2014-12-12 22:27 - 00696000 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-08-07 10:31 - 2014-12-05 23:02 - 34636168 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-25 10:36 - 2014-12-05 23:02 - 01706376 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-11-10 23:43 - 2014-12-10 03:09 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-20 11:06 - 2014-09-23 11:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\rober_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\rober_000\Downloads\plist editor pro 2.1 windows__2789_i1421569593_il668064.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\...\StartupApproved\Run: => "MKLOL"

========================= Accounts: ==========================

Administrator (S-1-5-21-1955128273-2732070504-3654715919-500 - Administrator - Disabled)
Guest (S-1-5-21-1955128273-2732070504-3654715919-501 - Limited - Disabled)
GuestUser (S-1-5-21-1955128273-2732070504-3654715919-1002 - Limited - Enabled)
rober_000 (S-1-5-21-1955128273-2732070504-3654715919-1001 - Administrator - Enabled) => C:\Users\rober_000

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
Error: (12/14/2014 05:04:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2340

Start Time: 01d017bfde787044

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2b7120b4-83b3-11e4-bed6-2cd05ac1bea8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/14/2014 05:03:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2038

Start Time: 01d017bfded29a00

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 225aa0cb-83b3-11e4-bed6-2cd05ac1bea8

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/14/2014 06:43:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2494

Start Time: 01d01768839092d2

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 773f645e-835c-11e4-bed6-2cd05ac1bea8

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/14/2014 05:42:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version:, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version:, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0xeac
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/13/2014 06:13:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14bc

Start Time: 01d016ffbd66d162

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: b0d6d0e6-82f3-11e4-bed6-2cd05ac1bea8

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/12/2014 09:18:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4665.1000, time stamp: 0x5433990f
Faulting module name: wwlib.dll, version: 15.0.4667.1000, time stamp: 0x543d432e
Exception code: 0xc0000005
Fault offset: 0x0000000000d6be2c
Faulting process ID: 0x18d4
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Faulting package full name: WINWORD.EXE4
Faulting package-relative application ID: WINWORD.EXE5

Error: (12/10/2014 10:34:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version:, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version:, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0xc48
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/10/2014 10:32:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version:, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version:, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0x1658
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/10/2014 08:36:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f8

Start Time: 01d014b842906cac

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 34deccff-80ac-11e4-bed5-2cd05ac1bea8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/10/2014 08:35:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac0

Start Time: 01d014b86a5f2493

Termination Time: 47

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 036b06c1-80ac-11e4-bed5-2cd05ac1bea8

Faulting package full name:

Faulting package-relative application ID:

System errors:
Error: (12/13/2014 06:00:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/13/2014 06:00:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/13/2014 06:00:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/13/2014 05:59:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service did not respond on starting.

Error: (12/13/2014 05:58:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:

Error: (12/13/2014 05:58:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/13/2014 02:36:03 AM) (Source: DCOM) (EventID: 10010) (User: ACERV3-531)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/11/2014 06:21:48 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (12/11/2014 01:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:

Error: (12/11/2014 01:37:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Microsoft Office Sessions:
Error: (12/14/2014 05:04:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689234001d017bfde7870444294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2b7120b4-83b3-11e4-bed6-2cd05ac1bea8microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/14/2014 05:03:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031203801d017bfded29a004294967295C:\WINDOWS\syswow64\wwahost.exe225aa0cb-83b3-11e4-bed6-2cd05ac1bea8Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/14/2014 06:43:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031249401d01768839092d24294967295C:\WINDOWS\syswow64\wwahost.exe773f645e-835c-11e4-bed6-2cd05ac1bea8Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/14/2014 05:42:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425eac01d016fec63c8a0fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllee8e0b43-8353-11e4-bed6-2cd05ac1bea8

Error: (12/13/2014 06:13:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703114bc01d016ffbd66d1624294967295C:\WINDOWS\syswow64\wwahost.exeb0d6d0e6-82f3-11e4-bed6-2cd05ac1bea8Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/12/2014 09:18:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE15.0.4665.10005433990fwwlib.dll15.0.4667.1000543d432ec00000050000000000d6be2c18d401d014cc9edd61daC:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEC:\Program Files\Microsoft Office 15\Root\Office15\wwlib.dll62ca4425-8244-11e4-bed5-2cd05ac1bea8

Error: (12/10/2014 10:34:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425c4801d014c95522c43eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllaa8a9523-80bc-11e4-bed5-2cd05ac1bea8

Error: (12/10/2014 10:32:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425165801d014bbe887e215C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5edd0abc-80bc-11e4-bed5-2cd05ac1bea8

Error: (12/10/2014 08:36:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891f801d014b842906cac4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe34deccff-80ac-11e4-bed5-2cd05ac1bea8microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/10/2014 08:35:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.21.0.104ac001d014b86a5f249347C:\Program Files (x86)\Skype\Phone\Skype.exe036b06c1-80ac-11e4-bed5-2cd05ac1bea8

CodeIntegrity Errors:
Date: 2014-12-11 08:11:08.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:11:07.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:11:07.315
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:50.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:50.483
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:50.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:50.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:49.789
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:49.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-11 08:10:48.949
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8007.27 MB
Available physical RAM: 3222.41 MB
Total Pagefile: 13895.27 MB
Available Pagefile: 4622.92 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:678.85 GB) (Free:186.79 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (Size: 698.6 GB) (Disk ID: 66209EE1)

Partition: GPT Partition Type.

==================== End Of Log ============================

aswMBR version Copyright(c) 2014 AVAST Software
Run date: 2014-12-14 06:57:19
06:57:19.709 OS Version: Windows x64 6.2.9200
06:57:19.711 Number of processors: 2 586 0x3A09
06:57:19.712 ComputerName: ACERV3-531 UserName: rober_000
06:57:31.648 Initialize success
06:57:31.653 VM: initialized successfully
06:57:31.658 VM: Intel CPU supported
06:59:47.475 VM: disk I/O iaStorA.sys
07:00:51.323 AVAST engine defs: 14121301
07:15:23.414 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
07:15:23.418 Disk 0 Vendor: WDC_WD7500BPVT-22HXZT3 01.01A01 Size: 715404MB BusType: 11
07:15:23.613 Disk 0 MBR read successfully
07:15:23.618 Disk 0 MBR scan
07:15:23.638 Disk 0 unknown MBR code
07:15:23.680 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
07:15:23.838 Disk 0 scanning C:\WINDOWS\system32\drivers
07:16:11.441 Service scanning
07:18:02.854 Modules scanning
07:18:02.889 Disk 0 trace - called modules:
07:18:03.305 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
07:18:03.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000d77d4060]
07:18:03.319 3 CLASSPNP.SYS[fffff801c240227b] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000d63351f0]
07:18:13.927 AVAST engine scan C:\WINDOWS
07:18:26.283 AVAST engine scan C:\WINDOWS\system32
07:36:35.745 AVAST engine scan C:\WINDOWS\system32\drivers
07:37:31.843 AVAST engine scan C:\Users\rober_000
17:05:05.793 Disk 0 MBR has been saved successfully to "C:\Users\rober_000\Desktop\MBR.dat"
17:05:05.804 The log file has been saved successfully to "C:\Users\rober_000\Desktop\aswMBR.txt"

[P2P Warning

Google Chrome and Firefox have a few bad extensions; what we can do from here is save your bookmarks and set the browsers back to default.

Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Backup Opera Bookmarks (http://www.howtogeek.com/136116/how-to-easily-back-up-and-migrate-your-browser-bookmarks/) (scroll down)

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
Opera: How to perform a clean reinstall of Opera (http://my.opera.com/spadija/blog/2011/10/17/how-to-perform-a-really-clean-reinstall-of-opera)

Do you have any information on this item found in your startup list?
HKLM-x32\...\Run: [mbot_gb_270] => [X]


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=h...1A23M0873M0873
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=s...1A23M0873M0873
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001 -> {2C5D0545-5D72-DD14-4A82-6E96EC33F8B9} URL =
SearchScopes: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001 -> {E79C3947-7844-4C56-BEFE-9E45D7202FFA} URL =
SearchScopes: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001 -> {E7A981DE-069B-48F4-95A3-9073D0BC0952} URL =
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
2014-12-10 19:41 - 2014-12-10 19:41 - 01997280 _____ (Object Browser) C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe
2014-12-10 19:41 - 2014-12-10 19:41 - 00004740 _____ () C:\WINDOWS\System32\Tasks\OMLOJFA
2014-12-10 19:41 - 2014-12-10 19:41 - 00000000 ____D () C:\Users\rober_000\AppData\Local\globalUpdate
2014-12-10 19:41 - 2014-12-10 19:41 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-10 19:37 - 2014-12-10 22:34 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-10 19:37 - 2014-12-10 19:37 - 00000000 ____D () C:\Program Files (x86)\SupTab
Task: {34BDCE3C-1461-4D0F-9016-BDA43ED3A1C1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {36C56F62-2521-4BEF-89DC-F6D4DCB44C7E} - \MySearchDial No Task File <==== ATTENTION
Task: {610B3D20-EC1C-409E-968D-99CD75246523} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {74073EB1-56FA-4F2C-BEA4-08A18323D836} - System32\Tasks\OMLOJFA => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe [2014-12-10] (Object Browser) <==== ATTENTION
Task: C:\WINDOWS\Tasks\OMLOJFA.job => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe <==== ATTENTION

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please run a Threat Scan with Malwarebytes' Anti-Malware. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x (https://forums.malwarebytes.org/index.php?showtopic=146017)
When reinstalling the program please try the latest version (http://www.malwarebytes.org/mwb-download/).

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.


Please post:
Malwarebytes log
AdwCleaner log

As requested: (I also have no idea what HKLM-x32\...\Run: [mbot_gb_270] => [X] is so knowing my luck another virus)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by rober_000 at 2014-12-15 20:19:08 Run:1
Running from C:\Users\rober_000\Desktop
Loaded Profile: rober_000 (Available profiles: rober_000)
Boot Mode: Normal

Content of fixlist:
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=h...1A23M0873M0873
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=h...1A23M0873M0873
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=s...1A23M0873M0873
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001 -> {2C5D0545-5D72-DD14-4A82-6E96EC33F8B9} URL =
SearchScopes: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001 -> {E79C3947-7844-4C56-BEFE-9E45D7202FFA} URL =
SearchScopes: HKU\S-1-5-21-1955128273-2732070504-3654715919-1001 -> {E7A981DE-069B-48F4-95A3-9073D0BC0952} URL =
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
2014-12-10 19:41 - 2014-12-10 19:41 - 01997280 _____ (Object Browser) C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe
2014-12-10 19:41 - 2014-12-10 19:41 - 00004740 _____ () C:\WINDOWS\System32\Tasks\OMLOJFA
2014-12-10 19:41 - 2014-12-10 19:41 - 00000000 ____D () C:\Users\rober_000\AppData\Local\globalUpdate
2014-12-10 19:41 - 2014-12-10 19:41 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-10 19:37 - 2014-12-10 22:34 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-10 19:37 - 2014-12-10 19:37 - 00000000 ____D () C:\Program Files (x86)\SupTab
Task: {34BDCE3C-1461-4D0F-9016-BDA43ED3A1C1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {36C56F62-2521-4BEF-89DC-F6D4DCB44C7E} - \MySearchDial No Task File <==== ATTENTION
Task: {610B3D20-EC1C-409E-968D-99CD75246523} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {74073EB1-56FA-4F2C-BEA4-08A18323D836} - System32\Tasks\OMLOJFA => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe [2014-12-10] (Object Browser) <==== ATTENTION
Task: C:\WINDOWS\Tasks\OMLOJFA.job => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe <==== ATTENTION

Processes closed successfully.
C:\Program Files (x86)\SupTab\HpUI.exe => No running process found
C:\Program Files (x86)\SupTab\Loader64.exe => No running process found
C:\Program Files (x86)\SupTab\Loader32.exe => No running process found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C5D0545-5D72-DD14-4A82-6E96EC33F8B9}" => Key deleted successfully.
"HKCR\CLSID\{2C5D0545-5D72-DD14-4A82-6E96EC33F8B9}" => Key not found.
"HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E79C3947-7844-4C56-BEFE-9E45D7202FFA}" => Key deleted successfully.
"HKCR\CLSID\{E79C3947-7844-4C56-BEFE-9E45D7202FFA}" => Key not found.
"HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7A981DE-069B-48F4-95A3-9073D0BC0952}" => Key deleted successfully.
"HKCR\CLSID\{E7A981DE-069B-48F4-95A3-9073D0BC0952}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key not found.
"HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key not found.
Firefox SelectedSearchEngine deleted successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml" => not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\OMLOJFA" => File/Directory not found.
C:\Users\rober_000\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Program Files (x86)\SupTab" => File/Directory not found.
"C:\Users\rober_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqn5a1r.dll" => File/Directory not found.
C:\Users\rober_000\AppData\Local\Temp\libtsk_jni.dll => Moved successfully.
C:\Users\rober_000\AppData\Local\Temp\tu17p84.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34BDCE3C-1461-4D0F-9016-BDA43ED3A1C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34BDCE3C-1461-4D0F-9016-BDA43ED3A1C1}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloader => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36C56F62-2521-4BEF-89DC-F6D4DCB44C7E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C56F62-2521-4BEF-89DC-F6D4DCB44C7E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{610B3D20-EC1C-409E-968D-99CD75246523}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{610B3D20-EC1C-409E-968D-99CD75246523}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74073EB1-56FA-4F2C-BEA4-08A18323D836}" => Key not found.
C:\Windows\System32\Tasks\OMLOJFA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OMLOJFA" => Key not found.
C:\WINDOWS\Tasks\OMLOJFA.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 290.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Malwarebytes Anti-Malware

Scan Date: 15/12/2014
Scan Time: 20:31:35
Administrator: Yes

Malware Database: v2014.12.15.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: rober_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376026
Time Elapsed: 41 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


# AdwCleaner v4.105 - Report created 15/12/2014 at 21:36:18
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : rober_000 - ACERV3-531
# Running from : C:\Users\rober_000\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\rober_000\AppData\Local\CrashRpt
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v39.0.2171.95

[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1418240177&from=amt&uid=WDCXWD7500BPVT-22HXZT3_WD-WX61A23M0873M0873&q={searchTerms}
[C:\Users\rober_000\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}


AdwCleaner[R2].txt - [2633 octets] - [15/12/2014 21:23:32]
AdwCleaner[S2].txt - [3726 octets] - [15/12/2014 21:36:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3786 octets] ##########
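
For reviewing a Fixlog like the one posted above, this added example (not part of the thread and not FRST's own code) sorts result lines into entries the run changed, entries that were already absent when it ran, and lines it cannot classify. The sample lines are copied from the Run:1 Fixlog above; the category names, the phrase lists and the rule that the fixlist echo ends at the first blank line are assumptions of this example.

```python
import re

# Lines copied from the Run:1 Fixlog posted in this thread (fixlist echo shortened).
SAMPLE_FIXLOG = r'''
Content of fixlist:
Task: {34BDCE3C-1461-4D0F-9016-BDA43ED3A1C1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OMLOJFA.job => C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe <==== ATTENTION

Processes closed successfully.
C:\Program Files (x86)\SupTab\HpUI.exe => No running process found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C5D0545-5D72-DD14-4A82-6E96EC33F8B9}" => Key deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Chrome DefaultSearchURL not detected.
"C:\Users\rober_000\AppData\Roaming\OMLOJFA.exe" => File/Directory not found.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
"C:\Program Files (x86)\SupTab" => File/Directory not found.
C:\Windows\System32\Tasks\YTDownloader => Moved successfully.
C:\Windows\System32\Tasks\OMLOJFA not found.
EmptyTemp: => Removed 290.1 MB temporary data.
'''

# Phrase lists are this example's assumption, taken from the outcomes visible in that log.
CHANGED = ("deleted successfully", "moved successfully", "restored successfully")
ABSENT = ("not found", "not detected", "no running process found")

# Result lines without " => " end in one of these phrases.
TAIL = re.compile(r"\s(not found|not detected|deleted successfully)\.?$")


def result_lines(text):
    """Yield log lines, skipping the echoed fixlist (it also contains ' => ')."""
    in_echo = False
    for line in text.splitlines():
        if line.strip() == "Content of fixlist:":
            in_echo = True
        elif in_echo:
            in_echo = bool(line.strip())  # assumed: the echo ends at the first blank line
        else:
            yield line


def parse_line(line):
    """Return (target, outcome) for a result line, or None for any other line."""
    line = line.strip()
    if " => " in line:
        target, _, outcome = line.partition(" => ")
    else:
        m = TAIL.search(line)
        if m is None:
            return None
        target, outcome = line[:m.start()], m.group(1)
    return target.strip().strip('"'), outcome.strip().rstrip(".")


def classify(outcome):
    """Map an outcome phrase to 'changed', 'absent' or 'unclassified'."""
    low = outcome.lower()
    if any(p in low for p in CHANGED):
        return "changed"
    if any(p in low for p in ABSENT):
        return "absent"
    return "unclassified"


def triage(text):
    """Group (target, outcome) pairs by category for one Fixlog."""
    groups = {"changed": [], "absent": [], "unclassified": []}
    for line in result_lines(text):
        parsed = parse_line(line)
        if parsed is not None:
            groups[classify(parsed[1])].append(parsed)
    return groups


def outcomes_for(text, name):
    """List (target, category) for every result whose target mentions `name`."""
    hits = []
    for line in result_lines(text):
        parsed = parse_line(line)
        if parsed is not None and name.lower() in parsed[0].lower():
            hits.append((parsed[0], classify(parsed[1])))
    return hits


if __name__ == "__main__":
    for category, items in triage(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(items)}")
        for target, outcome in items:
            print(f"  {target} -> {outcome}")
```

Entries in the "absent" group were not removed by this run, so they are the ones to confirm with a fresh scan rather than read as cleaned.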


Open System Configuration by clicking the Start button, clicking Control Panel, clicking System and Security, clicking Administrative Tools, and then double-clicking System Configuration. (Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.)

Click the General tab, and then select the Load startup items check box.

Click the Startup tab.
Scroll through the list of items displayed and look for mbot_gb_270.
If found, remove the check by it, then at the bottom click Apply, then OK. You may receive a message to reboot now or later; reboot now.

If this item needs to be placed back at boot up you just reverse the routine.

Do the above and let me know how the computer is now.


I was unable to locate it in the area you mentioned. However, I located two programs 'YTDownloader' and 'WMI Provider Host'. I do not recognise either.

'WMI Provider Host' <-- you need this

Be back soon.

Let's try a couple of things.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).

HKLM-x32\...\Run: [mbot_gb_270] => [X]

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


please post
Eset log

still need help?

2014-12-20, 19:20
By looks of this ESET scan yes. Mind you it's still not finished after 2 days, 62% done :). Will post the results when done.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:41 on 19/12/2014 by rober_000
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "mbot_gb_270"
No files found.

========== folderfind ==========

Searching for "mbot_gb_270"
No folders found.

========== regfind ==========

Searching for "mbot_gb_270"
No data found.

-= EOF =-


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by rober_000 at 2014-12-17 20:20:08 Run:2
Running from C:\Users\rober_000\Desktop
Loaded Profile: rober_000 (Available profiles: rober_000)
Boot Mode: Normal

Content of fixlist:
HKLM-x32\...\Run: [mbot_gb_270] => [X]

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_270 => Value not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 386.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

By looks of this ESET scan yes. Mind you it's still not finished after 2 days, 62% done. Will post the results when done.
I expect to see quite a bit already in quarantine folders.

You must have had a ton of things to scan. After the scan, consider doing some cleaning in case of having to scan out your computer again.

2014-12-24, 17:10
After what seemed a lifetime here's the eset scan :)

I'll have to spend a day or two clearing out some space :D

C:\FRST\Quarantine\C\Users\rober_000\AppData\Local\Temp\tu17p84.exe.xBAD a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Users\rober_000\Downloads\plist editor pro 2.1 windows__2789_i1421569593_il668064.exe Win32/Amonetize.CH potentially unwanted application

C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application

I'm trying to find what these might be hooked to....
So far and I can be wrong is
as an associated task
Task: {DCCEE7DB-4CB8-4616-8AA4-9909636F360E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03]

I don't want to remove something that's going to throw out errors later.

Do you have any information on plist editor pro 2.1?

Do this next scan, which should take nowhere near what Eset did.

1.Please download HitmanPro

For 32-bit Operating System - http://dl.surfright.nl/HitmanPro.exe
For 64-bit Operating System - http://dl.surfright.nl/HitmanPro_x64.exe

2.Launch the program by double clicking on the HitmanPro icon.

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Screenshot: http://forums.majorgeeks.com/chaslang/images/Hitman/6-scanfin-choose.jpg

Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7) open the report and copy and paste it to your next reply.

Computer name . . . . : ACERV3-531
Windows . . . . . . . :
User name . . . . . . : ACERV3-531\rober_000
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2014-12-24 18:04:39
Scan mode . . . . . . : Normal
Scan duration . . . . : 27m 30s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 39

Objects scanned . . . : 2,736,721
Files scanned . . . . : 135,322
Remnants scanned . . : 919,559 files / 1,681,840 keys

Suspicious files ____________________________________________________________

Size . . . . . . . : 2,119,168 bytes
Age . . . . . . . : 10.5 days (2014-12-14 06:53:50)
Entropy . . . . . : 7.5
SHA-256 . . . . . : C683141F2599011F45E0F0AC110AA0EBD7092B85B754F69344F570F635DA58FE
Needs elevation . : Yes
Fuzzy . . . . . . : 23.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

Size . . . . . . . : 2,121,216 bytes
Age . . . . . . . : 6.9 days (2014-12-17 20:19:58)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 58F871144764E55A788C1B9092D2E517A271ABA9A09F53CB26BB110E90556696
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{28F4A78F-5E03-4A98-81CF-C50C0D5EC248}
0.0s C:\Users\rober_000\Desktop\FRST64.exe
13.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8001E0F0-49C8-4B27-AC38-F3FFC3506B78}
14.3s C:\Windows\Temp\lm\
14.3s C:\Windows\Temp\lm\dsiwmis.log
14.6s C:\Windows\Temp\lm\rober_000\
14.6s C:\Windows\Temp\lm\rober_000\LMutilps32.log
14.9s C:\Windows\Temp\lm\rober_000\aipflib.log
15.3s C:\Windows\Temp\ACERV3-531-20141217-2020.log
15.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{23A962B4-92DC-4D20-9FBA-C0BEEE7381D0}
15.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4310161E-9403-4C9F-A8D3-0A3E094529E5}
16.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2C1080F0-4DE5-40C5-B627-6603AF138D0F}
16.9s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters.dat
17.0s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\
17.0s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\
18.1s C:\Users\rober_000\AppData\Local\Temp\MMDUtl.ini
19.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C5A04CB-F287-4455-830F-D26B89DA7107}
19.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{64FAC64B-D24F-41A0-85D4-A948F3E833FD}
19.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BB37D0E2-AE1C-4465-A285-C108751E1C8C}
19.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17D7B988-2A66-472E-9591-43F528D4F16F}
32.6s C:\Users\rober_000\AppData\Local\Temp\MpCmdRun.log
34.3s C:\FRST\Logs\Fixlog_17-12-2014_20-20-32.txt

Size . . . . . . . : 2,119,168 bytes
Age . . . . . . . : 10.5 days (2014-12-14 06:27:30)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 8E11298707098151A068B0B6288CFBD68CF161AB0FBFF025F7D449336EDB32A9
Needs elevation . : Yes
Fuzzy . . . . . . : 23.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________

HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)
HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)

Cookies _____________________________________________________________________


Do you have any information on plist editor pro 2.1?

Open IE
Go to Tools -> Folder Options -> click on the VIEW TAB -> uncheck the box "Hide protected operating system files (Recommended)" and you should then see the cookies folder.
From here you can delete the below list of cookies.



Delete cookies for Firefox (https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored)

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

Reg: reg delete HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Reg: reg delete HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Reg: reg delete HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Reg: reg delete HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please tell me how your computer is now.

There was no folder options listed under the tools bar in IE for me. I have also deleted the plist editor.exe file as it wasn't needed anymore (I attempted to use it for coursework). My PC seems to also be running better than before and doesn't seem to be melting as much now :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by rober_000 at 2014-12-26 13:13:47 Run:4
Running from C:\Users\rober_000\Desktop
Loaded Profile: rober_000 (Available profiles: rober_000)
Boot Mode: Normal

Content of fixlist:
Reg: reg delete HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Reg: reg delete HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Reg: reg delete HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Reg: reg delete HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}

Processes closed successfully.

========= reg delete HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} (Yes/No)? ERROR: Access is denied.

========= End of Reg: =========

========= reg delete HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} (Yes/No)? ERROR: Access is denied.

========= End of Reg: =========

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} (Yes/No)? ERROR: Access is denied.

========= End of Reg: =========

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} (Yes/No)? ERROR: Access is denied.

========= End of Reg: =========

========= reg delete HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete HKU\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-1955128273-2732070504-3654715919-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog 13:14:03 ====
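
An added example, not part of the thread or of FRST: a small Python parser that tallies the outcome of each "Reg:" section in a Fixlog laid out like the one above, and records whether reg.exe prompted for confirmation (the command had no /f switch) and whether the key path contained an unquoted space. The sample log is constructed and uses placeholder key names; the function and label names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown above (blank lines omitted,
# placeholder key names; these are not the keys from this thread).
SAMPLE_FIXLOG = r'''
========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{EXAMPLE-GUID-1} =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EXAMPLE-GUID-1} (Yes/No)? ERROR: Access is denied.
========= End of Reg: =========
========= reg delete HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{EXAMPLE-GUID-2} =========
ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.
========= End of Reg: =========
========= reg delete HKU\S-1-5-21-EXAMPLE\Software\Example\{EXAMPLE-GUID-2} =========
Permanently delete the registry key HKEY_USERS\S-1-5-21-EXAMPLE\Software\Example\{EXAMPLE-GUID-2} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
'''

# One "Reg:" section: header line with the command, the body, the end marker.
SECTION = re.compile(r"^=+ (reg delete .+?) =+\n(.*?)^=+ End of Reg: =+$", re.M | re.S)

# Substrings of reg.exe messages mapped to an outcome label.
OUTCOMES = [
    ("Access is denied", "access_denied"),
    ("Invalid syntax", "invalid_syntax"),
    ("unable to find the specified registry key", "not_found"),
    ("completed successfully", "deleted"),
]

def parse_fixlog(text):
    """Return one dict per 'Reg:' section: command, outcome, observations."""
    results = []
    for cmd, body in SECTION.findall(text):
        outcome = next((tag for needle, tag in OUTCOMES if needle in body), "unknown")
        key = cmd[len("reg delete "):].split(" /")[0]  # drop any switches
        results.append({
            "command": cmd,
            "outcome": outcome,
            # reg.exe asked for confirmation, so the command had no /f switch
            "prompted": "(Yes/No)?" in body,
            # an unquoted key path with a space is split into two arguments
            "unquoted_space": " " in key and not key.startswith('"'),
        })
    return results

def summarize(results):
    return Counter(r["outcome"] for r in results)

if __name__ == "__main__":
    print(summarize(parse_fixlog(SAMPLE_FIXLOG)))
```

A tally with no "deleted" entries means the fix removed nothing, so the keys still need a follow-up check.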

My PC seems to also be running better than before and doesn't seem to be melting as much now
Good deal!

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content inside the codebox into the main textfield:


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Sorry for the delayed response once again. Been a very busy bee :)

Here's the requested log:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:12 on 31/12/2014 by rober_000
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

========== folderfind ==========

Searching for "ShopperPro"
C:\FRST\Quarantine\C\Users\Public\Documents\ShopperPro d------ [19:41 10/12/2014]

========== filefind ==========

Searching for "ShopperPro"
No files found.

========== regfind ==========

Searching for "ShopperPro"
No data found.

-= EOF =-

That shows me it's held in the FRST quarantine folder; we'll remove that shortly.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Reset system settings

Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


If there are no more malware issues you're good to go, good job!

Ran DelFix. How would I go about clearing the FRST quarantine folder?

Thanks for your help so far!

Should be gone by running Delfix.

C:\FRST\Quarantine <-- is still on your computer?

If FRST has been deleted the below won't work. If by some chance Farbar/FRST tool is still on there

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.


