Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

WebProtect Infection on Windows 7 [Solved]


  • This topic is locked This topic is locked
20 replies to this topic

#1 ambrown2

ambrown2

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 13 October 2014 - 09:38 AM

A couple of days ago, I realized that I had a PUP called "Web Protect for Windows" when my McAfee Antivirus kept popping up alerts (every 30 seconds) that it was blocking the PUP. I ran a scan and McAfee identified WebProtect for Windows as the problem program, but could not get rid of it. I tried to uninstall using the Programs and Features application from Windows Control Panel, but that didn't work. I did a search on this piece of malware and learned that the uninstaller doesn't work and so installed Revo Uninstaller to get rid of the program. Needless to say, that also did not completely take care of the problem. I also saw advice to download MalwareBytes AntiMalware and did so. The scan came up with many problems, but did not take care of this particular one. Where we are now is that Web Protect doesn't show up in the list of programs from the Control Panel-> Programs and Features, but I still have a folder on my hard drive called C:/Program Files/Web Protect and have mixed opinions on whether or not simply deleting the folder will give me the results I want. I still get McAfee pop-ups (this time indicating MyOSProtect as the problem - seems to be a part of the Web Protect folder) and I keep getting popups and ads in my browser that indicate they are from Web Protect, as well as interference with my browser use, such as popping up pages when I try to scroll and click on links. When I try to "remove" the program from McAfee, my internet connection is disrupted. So, I'm coming to you for help.

 

I've downloaded Avast and FRST as instructed in your Malware Removal Guide. I will post the results below.

 

Thank you in advance for your help! Though I see from the forums you don't get many "Thank You"s, I am very grateful for this service, as I cannot afford to take my computer in to a commercial firm for help. 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------Avast:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-13 11:01:48
-----------------------------
11:01:48.935    OS Version: Windows 6.1.7601 Service Pack 1
11:01:48.935    Number of processors: 2 586 0x170A
11:01:48.938    ComputerName: ANGIE-PC  UserName: Angie
11:04:16.804    Initialize success
11:04:16.957    VM: initialized successfully
11:04:17.066    VM: Intel CPU virtualization not supported 
11:04:22.933    AVAST engine download error: 0
11:04:30.870    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:04:30.875    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
11:04:31.327    Disk 0 MBR read successfully
11:04:31.334    Disk 0 MBR scan
11:04:31.340    Disk 0 Windows 7 default MBR code
11:04:31.358    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
11:04:31.363    Disk 0 default boot code
11:04:31.379    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       192191 MB offset 411648
11:04:31.384    Disk 0 Partition - 00     0F Extended LBA             30973 MB offset 394021568
11:04:31.415    Disk 0 Partition 3 00     12  Compaq diag NTFS        15108 MB offset 457454272
11:04:31.510    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        30972 MB offset 394023616
11:04:31.535    Disk 0 scanning sectors +488397168
11:04:31.834    Disk 0 scanning C:\windows\system32\drivers
11:04:55.135    Service scanning
11:05:25.452    Modules scanning
11:05:55.744    Disk 0 trace - called modules:
11:05:55.759    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
11:05:55.765    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870be030]
11:05:55.772    3 CLASSPNP.SYS[8bdb559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86268028]
11:05:55.779    Scan finished successfully
11:06:12.960    Disk 0 MBR has been saved successfully to "C:\Users\Angie\Desktop\MBR.dat"
11:06:12.985    The log file has been saved successfully to "C:\Users\Angie\Desktop\aswMBR.txt"
 
___________________________________________________________________________________________________
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Angie (administrator) on ANGIE-PC on 13-10-2014 11:13:06
Running from C:\Users\Angie\Desktop
Loaded Profile: Angie (Available profiles: Angie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files\Web Protect\MyOSProtect.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(StrikeForce Technologies Inc.) C:\Program Files\SFT\GuardedID\GIDD.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AT&T Inc.) C:\Users\Angie\AppData\Local\ATT Connect\Participant\pull.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(White Sky, Inc.) C:\Program Files\ID Vault\IDVault.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsMap.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IdeaNotesUser] => C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
HKLM\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
HKLM\...\Run: [PLFSetL] => C:\windows\PLFSetL.exe
HKLM\...\Run: [VeriFaceManager] => C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2009-10-22] (Lenovo)
HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4081480 2009-07-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520 2009-06-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [GIDDesktop] => C:\Program Files\SFT\GuardedID\gidd.exe [391944 2010-09-20] (StrikeForce Technologies Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [Push Client] => C:\Users\Angie\AppData\Local\ATT Connect\Participant\pull.exe [966944 2011-04-27] (AT&T Inc.)
HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [Google Update] => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\MountPoints2: {0a8be379-9c51-11e2-a999-002622cd26d2} - F:\DT4000_Launcher.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~1\WI34CE~1\Datamngr\IEBHO.dll => C:\PROGRA~1\WI34CE~1\Datamngr\IEBHO.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ID Vault.lnk
ShortcutTarget: ID Vault.lnk -> C:\Program Files\ID Vault\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...rms}&FORM=LENIE
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {E1C1E76D-CDBC-49A0-8873-A7B3A2FB54CB} URL = https://search.yahoo...p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: GuardId.MSIEBrowser.BHO -> {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 02 C:\windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 03 C:\windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 04 C:\windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 34 C:\windows\system32\MyOSProtect.dll [304776] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\Angie\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-08-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-20]
CHR Extension: (Google Drive) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]
CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]
CHR Extension: (SiteAdvisor) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-09-20]
CHR Extension: (Google Wallet) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 IDVaultSvc; C:\Program Files\ID Vault\IDVaultSvc.exe [42312 2010-12-04] (White Sky, Inc.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [414984 2009-07-28] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [472328 2009-07-28] (Lenovo Group Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-09-23] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317096 2014-09-01] () [File not signed]
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S2 UpdaterSvcKlipPal; "C:\Program Files\Klip Pal\updater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2009-10-22] ()
R1 GIDv2; C:\windows\system32\Drivers\GIDv2.sys [25360 2010-09-20] (StrikeForce Technologies, Inc.)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R1 pcwatch; C:\windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
S3 vpnva; C:\windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw; C:\windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw.sys [39056 2014-09-12] (StdLib)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U3 aswMBR; \??\C:\Users\Angie\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Angie\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 11:13 - 2014-10-13 11:13 - 00023607 _____ () C:\Users\Angie\Desktop\FRST.txt
2014-10-13 11:11 - 2014-10-13 11:13 - 00000000 ____D () C:\FRST
2014-10-13 11:09 - 2014-10-13 11:10 - 01101824 _____ (Farbar) C:\Users\Angie\Desktop\FRST.exe
2014-10-13 11:06 - 2014-10-13 11:06 - 00002014 _____ () C:\Users\Angie\Desktop\aswMBR.txt
2014-10-13 11:06 - 2014-10-13 11:06 - 00000512 _____ () C:\Users\Angie\Desktop\MBR.dat
2014-10-13 10:58 - 2014-10-13 10:58 - 00149912 _____ () C:\windows\Minidump\101314-23197-01.dmp
2014-10-13 10:45 - 2014-10-13 10:53 - 05185536 _____ (AVAST Software) C:\Users\Angie\Desktop\aswMBR.exe
2014-10-12 18:28 - 2014-10-12 18:28 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\LookThisUp
2014-10-12 18:22 - 2014-10-12 18:22 - 00000000 ____D () C:\Users\Angie\AppData\Local\VS Revo Group
2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-12 18:21 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-10-12 18:17 - 2014-10-12 18:20 - 10691640 _____ (VS Revo Group ) C:\Users\Angie\Downloads\RevoUninProSetup.exe
2014-10-12 17:15 - 2014-10-12 18:42 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 17:15 - 2014-10-12 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 17:15 - 2014-10-12 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 17:15 - 2014-10-12 17:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-12 17:15 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-12 17:15 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-12 17:15 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-12 17:10 - 2014-10-12 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-10-12 17:05 - 2014-10-12 17:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-12 08:53 - 2014-10-12 08:53 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-10-12 08:53 - 2014-10-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-12 08:53 - 2014-10-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-12 08:53 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-10-12 08:53 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-10-12 08:53 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-10-12 08:52 - 2014-10-12 08:53 - 00004477 _____ () C:\windows\system32\jupdate-1.7.0_67-b01.log
2014-10-12 00:06 - 2014-10-12 00:21 - 30856384 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\Windows-KB890830-V5.16 (1).exe
2014-10-11 23:34 - 2014-10-11 23:42 - 30856384 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\Windows-KB890830-V5.16.exe
2014-09-30 19:57 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-24 21:23 - 2014-09-24 21:23 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-24 16:55 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-19 22:02 - 2014-09-19 22:02 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-13 12:10 - 2014-09-12 20:21 - 00039056 _____ (StdLib) C:\windows\system32\Drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw.sys
2014-09-13 12:02 - 2014-09-13 12:03 - 00009744 _____ () C:\windows\system32\MyOSProtect.ini
2014-09-13 12:02 - 2014-09-13 12:03 - 00002312 _____ () C:\windows\system32\MyOSProtectOff.ini
2014-09-13 12:02 - 2014-09-01 14:29 - 00020480 _____ () C:\windows\system32\Drivers\pcwatch.sys
2014-09-13 12:02 - 2014-09-01 14:28 - 00304776 _____ () C:\windows\system32\MyOSProtect.dll
2014-09-13 12:01 - 2014-10-12 18:29 - 00000000 ____D () C:\Program Files\Web Protect
2014-09-13 11:58 - 2014-09-13 11:58 - 00000000 ____D () C:\Users\Angie\AppData\Local\SearchProtect
2014-09-13 03:01 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 03:01 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 03:01 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 03:01 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 03:01 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 03:01 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 03:01 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 03:01 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 03:01 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 03:01 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 03:01 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 03:01 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 03:01 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 03:01 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 03:01 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 03:01 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 03:01 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:01 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 03:01 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:01 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 03:01 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 03:01 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 03:01 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 03:01 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 03:01 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 03:01 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 03:01 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 03:01 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 03:01 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 03:01 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 11:10 - 2012-04-12 07:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 11:08 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 11:08 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 11:05 - 2014-04-16 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-13 11:05 - 2010-08-15 18:59 - 00001844 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-10-13 11:04 - 2009-10-22 04:48 - 10743456 _____ () C:\FaceProv.log
2014-10-13 11:04 - 2009-10-22 04:37 - 01619064 _____ () C:\windows\WindowsUpdate.log
2014-10-13 11:00 - 2009-10-22 04:46 - 00000000 ____D () C:\ProgramData\VeriFace
2014-10-13 10:59 - 2012-02-02 20:34 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 10:58 - 2013-12-11 19:20 - 326823133 _____ () C:\windows\MEMORY.DMP
2014-10-13 10:58 - 2013-12-11 19:20 - 00000000 ____D () C:\windows\Minidump
2014-10-13 10:58 - 2009-08-25 04:17 - 00900162 _____ () C:\windows\PFRO.log
2014-10-13 10:58 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-13 10:58 - 2009-07-14 00:39 - 00213812 _____ () C:\windows\setupact.log
2014-10-13 10:36 - 2014-05-09 18:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a.job
2014-10-13 10:36 - 2014-04-03 20:42 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c.job
2014-10-13 10:29 - 2009-08-25 04:19 - 00000270 _____ () C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-10-12 19:36 - 2014-02-17 21:38 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432.job
2014-10-12 08:53 - 2013-11-02 13:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-12 08:53 - 2010-08-31 15:39 - 00000000 ____D () C:\Program Files\Java
2014-10-12 04:51 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\rescache
2014-09-27 08:13 - 2012-04-12 07:19 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-27 08:13 - 2011-06-29 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 17:32 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\GroupPolicy
2014-09-24 15:18 - 2009-07-13 22:04 - 00000612 _____ () C:\windows\win.ini
2014-09-19 21:56 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\NDF
2014-09-19 21:40 - 2014-08-30 17:44 - 00001348 _____ () C:\Users\Angie\Desktop\ROBLOX Player.lnk
2014-09-19 21:40 - 2014-08-30 17:33 - 00001167 _____ () C:\Users\Angie\Desktop\ROBLOX Studio 2013.lnk
2014-09-19 21:40 - 2014-08-30 17:33 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-09-16 19:09 - 2011-09-07 11:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 19:09 - 2011-09-07 11:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-15 09:06 - 2013-03-14 18:39 - 00231568 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-13 03:02 - 2009-08-25 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Some content of TEMP:
====================
C:\Users\Angie\AppData\Local\Temp\20130227082026762jniverify.dll
C:\Users\Angie\AppData\Local\Temp\contentDATs.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Angie\AppData\Local\Temp\FreeConverter_stub.exe
C:\Users\Angie\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Angie\AppData\Local\Temp\installhelper.dll
C:\Users\Angie\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Angie\AppData\Local\Temp\SpOrder.dll
C:\Users\Angie\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Angie\AppData\Local\Temp\{01A2BC51-FC48-43A7-BB95-EE2B18358669}-35.0.1916.114_34.0.1847.137_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-11 13:14
 
==================== End Of Log ============================

FRST Additional: 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by Angie at 2014-10-13 11:14:37
Running from C:\Users\Angie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.01 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant)
DIBS (Version: 1.7.0 - DDNI) Hidden
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.1 - Lenovo)
Git version 1.9.2-preview20140411 (HKLM\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
GuardedID (HKLM\...\{9191979D-821C-4EA8-B021-2DA1D859A7C5}) (Version: 0.03.1026 - StrikeForce Technologies, Inc)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
ID Vault (HKLM\...\ID Vault) (Version: 5.8.1111.0 - White Sky, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo EasyCamera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50.6 - Suyin Optronics Corp.)
Lenovo First Boot (HKLM\...\{F2602F16-02D1-4F1C-99A5-E246C522A59D}) (Version: 1.7.2.2 - DDNI)
Lenovo Idea Central (HKLM\...\Lenovo Idea Central) (Version: 1.7.2.3 - DDNI)
Lenovo Idea Notes (HKLM\...\{A06E1854-1580-4157-AD70-72734D324DEA}) (Version: 1.5.1 - DDNI)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.17 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lights Out (HKLM\...\Lights Out) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM\...\{A3D88A98-506E-4CFC-B294-E256C679B0EE}) (Version: 2.5.2219.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
My Photo Adventure (HKLM\...\My Photo Adventure) (Version: 4.0 - Inter-State Studio)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OverDrive Media Console (HKLM\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d1 - CyberLink Corp.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
ROBLOX Player for Angie (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RStudio (HKLM\...\RStudio) (Version: 0.98.507 - RStudio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Symantec Enterprise Vault Outlook Add-In (HKLM\...\{F8E222C8-A19E-4E77-BA75-38815A39B999}) (Version: 10.0.1316 - Symantec Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VeriFace (HKLM\...\VeriFace) (Version: 3.6.0.0730 - Lenovo)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\winhttp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1226\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files\Git\git-cheetah\git_shell_ext.dll ()
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{defa762b-ebc6-4ce2-a48c-32b232aac64d}\InprocServer32 -> C:\Users\Angie\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
24-09-2014 20:55:11 Windows Update
25-09-2014 01:11:26 Windows Backup
25-09-2014 07:00:15 Windows Update
29-09-2014 12:15:10 Windows Backup
30-09-2014 23:57:48 Windows Update
02-10-2014 00:01:57 Windows Update
06-10-2014 21:14:57 Windows Backup
08-10-2014 01:23:16 Windows Update
12-10-2014 12:51:02 Installed Java 7 Update 67
12-10-2014 22:25:03 Revo Uninstaller Pro's restore point - Web Protect for Windows
12-10-2014 23:02:44 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2013-12-19 10:49 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {229F8523-B27B-4BC3-84D5-B0EB3D406E57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432 => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {23D2B41E-22AF-4C5A-B248-D8463F4A89F0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {46C23D4D-DAEB-462C-A0CE-A4042D9D5CB2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {4E76C36C-97F0-430A-ADB7-EB1CAB5CA9D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6FA06986-0883-40A8-86CD-1C18A05BC695} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
Task: {A0906B02-D0E8-485C-BBF1-679FDF255A1D} - System32\Tasks\Check Updates for Windows Live Toolbar => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
Task: {A58FA3DB-B21A-4A56-AF02-A02CD0365B91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
Task: {B04D33F7-D032-4780-A262-94A1EF9F7700} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432.job => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a.job => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-13 12:02 - 2014-09-01 14:28 - 00304776 _____ () C:\windows\system32\MyOSProtect.dll
2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-02-11 21:29 - 2009-12-20 21:42 - 00176235 _____ () C:\windows\System32\Primomonnt.dll
2009-06-12 16:32 - 2009-06-12 16:32 - 00104456 _____ () C:\windows\system32\EasyHook32.dll
2009-10-22 04:46 - 2009-10-22 04:45 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
2009-10-22 04:46 - 2009-10-22 04:45 - 00513288 _____ () C:\windows\system32\SimpleExt.dll
2014-05-23 20:27 - 2014-04-11 14:40 - 00334464 _____ () C:\Program Files\Git\git-cheetah\git_shell_ext.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-25 04:14 - 2009-01-29 08:26 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2009-08-25 04:14 - 2009-01-29 08:27 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2009-08-25 04:14 - 2009-01-29 08:27 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
2014-09-01 14:26 - 2014-09-01 14:26 - 01317096 _____ () C:\Program Files\Web Protect\MyOSProtect.exe
2014-09-01 14:29 - 2014-09-01 14:29 - 00184216 _____ () C:\Program Files\Web Protect\WDCertInstaller.dll
2014-09-03 19:26 - 2014-09-03 19:26 - 00823296 _____ () C:\Program Files\web protect\pcproxydll.dll
2009-10-22 04:45 - 2009-10-22 04:45 - 00492808 _____ () C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
2009-10-22 04:46 - 2008-12-19 23:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2009-10-22 04:46 - 2008-12-19 23:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2011-04-27 13:22 - 2011-04-27 13:22 - 00031744 _____ () C:\Users\Angie\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
2011-04-21 11:10 - 2011-04-21 11:10 - 00418304 _____ () C:\Users\Angie\AppData\Local\ATT Connect\Participant\exchndl.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2010-12-04 15:00 - 2010-12-04 15:00 - 00067400 _____ () C:\Program Files\ID Vault\IdVaultCore.XmlSerializers.dll
2014-09-12 11:42 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 11:42 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 11:42 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 11:42 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 11:42 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 11:42 - 2014-09-03 23:01 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:6017A808
AlternateDataStreams: C:\ProgramData\Temp:E51234A9
AlternateDataStreams: C:\Users\Angie\Documents\3rd party auth.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Angie\Documents\3rd party auth.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3861706144-2676772620-90763643-500 - Administrator - Disabled)
Angie (S-1-5-21-3861706144-2676772620-90763643-1004 - Administrator - Enabled) => C:\Users\Angie
Guest (S-1-5-21-3861706144-2676772620-90763643-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3861706144-2676772620-90763643-1005 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2014 10:10:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51757825
 
Error: (10/13/2014 10:10:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51757825
 
Error: (10/13/2014 10:10:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/13/2014 10:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51756811
 
Error: (10/13/2014 10:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51756811
 
Error: (10/13/2014 10:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/13/2014 10:10:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51755812
 
Error: (10/13/2014 10:10:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51755812
 
Error: (10/13/2014 10:10:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/13/2014 10:10:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51754814
 
 
System errors:
=============
Error: (10/13/2014 10:59:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/13/2014 10:59:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IDVault Service service failed to start due to the following error: 
%%1053
 
Error: (10/13/2014 10:59:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IDVault Service service to connect.
 
Error: (10/13/2014 10:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UpdaterSvcKlipPal service failed to start due to the following error: 
%%2
 
Error: (10/13/2014 10:58:44 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0x0000d480, 0x000000ff, 0x00000008, 0x00000000)C:\windows\MEMORY.DMP101314-23197-01
 
Error: (10/13/2014 10:58:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:57:20 AM on ‎10/‎13/‎2014 was unexpected.
 
Error: (10/13/2014 10:10:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (10/12/2014 07:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (10/12/2014 07:01:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (10/12/2014 07:00:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (12/11/2013 07:17:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7376 seconds with 3420 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-06 20:49:34.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:33.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:33.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:33.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:32.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:32.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:32.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:32.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:31.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-06 20:49:31.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 59%
Total physical RAM: 3032.6 MB
Available physical RAM: 1236.83 MB
Total Pagefile: 6063.49 MB
Available Pagefile: 3925.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:187.67 GB) (Free:79.26 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:0.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3FC4B4DF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End Of Log ============================

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 October 2014 - 08:26 PM

:welcome:

 

You have a lot of bad things going on, bogus toolbars and search engines to start , you also have MyOSProtect embedded into your LSP stack, lets clean you up some and then we can run a tool to remove that bad file out of the LSP stack

 

 

-AdwCleaner-by Xplode

 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  •  
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  •  
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  to your desktop. 
 
  •  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
MBAMDashboard_zpsddef9b5f.gif
 
  •  
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 ambrown2

ambrown2

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 14 October 2014 - 07:30 PM

Again, thank you for your help. I followed the instructions you provided. I had trouble with MalwareBytes - it wouldn't upload the database (said it couldn't connect to the server, even though I had an internet connection), so I ran the scan without updating the database. Logs for Adware Cleaner, Junkware Removal Tool, and MalwareBytes are below, respectively. My antivirus is still popping up an alert that Adware-WebProtect was blocked. 

 

# AdwCleaner v4.000 - Report created 14/10/2014 at 18:49:42
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Angie - ANGIE-PC
# Running from : C:\Users\Angie\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : MyOSProtect
Service Deleted : pcwatch
[#] Service Deleted : SPPD
Service Deleted : {be5bf058-a067-4076-8c2e-22b9345a0260}Gw
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Angie\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Angie\AppData\Roaming\LookThisUp
Folder Deleted : C:\Users\Angie\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Angie\AppData\Local\PackageAware
Folder Deleted : C:\Users\Angie\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Angie\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Angie\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Program Files\Web Protect
File Deleted : C:\windows\system32\drivers\pcwatch.sys
File Deleted : C:\windows\system32\MyOSProtect.dll
File Deleted : C:\windows\system32\MyOSProtect.ini
File Deleted : C:\windows\system32\MyOSProtectOff.ini
File Deleted : C:\Users\Angie\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\windows\system32\\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw.sys
File Deleted : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\SOFTWARE\PrimoPDF\OpenCandy
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\WebProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\WI34CE~1\Datamngr\IEBHO.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [6333 octets] - [14/10/2014 18:42:49]
AdwCleaner[S0].txt - [6325 octets] - [14/10/2014 18:49:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6385 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x86
Ran by Angie on Tue 10/14/2014 at 19:41:50.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/14/2014 at 19:45:50.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/14/2014
Scan Time: 8:47:03 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Angie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 228718
Time Elapsed: 19 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 October 2014 - 05:53 AM

It looks like a lot of garbage was removed, before we go any further there is a new version of Malwarebytes, lets uninstall the old version and install the new

 

Use this procedure to remove Malwarebytes from your computer
 
  • Download and run their removal utility HERE
  • It will ask to restart your computer (please allow it to).
  • Then download Malwarebytes' Anti-Malware Version 2.0.3  from HERE
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 15 October 2014 - 06:03 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 10/15/2014
    Scan Time: 7:48:06 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.09.19.05
    Rootkit Database: v2014.09.18.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Angie
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 294841
    Time Elapsed: 13 min, 25 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 1
    PUP.Optional.OSProtect.A, C:\Program Files\Web Protect\MyOSProtect.exe, 3336, , [e9980ae56a11a78f0053724bad54e719]
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 4
    PUP.Optional.OSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MyOSProtect, , [e9980ae56a11a78f0053724bad54e719], 
    PUP.Optional.OSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pcwatch, , [3b465e91c6b5cf67dd758a330cf5dd23], 
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [364bb43bb1ca88ae14452e45bb49ee12], 
    PUP.Optional.LookThisUp.A, HKU\S-1-5-21-3861706144-2676772620-90763643-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LOOKTHISUP, , [8cf56b84b4c7a5919210a263946f50b0], 
     
    Registry Values: 2
    PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT|ImagePath, C:\Program Files\Web Protect\MyOSProtect.exe, , [f78a2bc49edd42f43f7af2135fa4f010]
    PUP.Optional.LookThisUp.A, HKU\S-1-5-21-3861706144-2676772620-90763643-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LOOKTHISUP|Cohort, 20141012, , [8cf56b84b4c7a5919210a263946f50b0]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 2
    PUP.Optional.Extutil.A, C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [9de41dd2c3b851e529c700edb54d8779], 
    PUP.Optional.Managera.A, C:\Users\Angie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [c5bc1ad504774beb37ba10dd788a817f], 
     
    Files: 11
    PUP.Optional.OSProtect.A, C:\Program Files\Web Protect\MyOSProtect.exe, , [e9980ae56a11a78f0053724bad54e719], 
    PUP.Optional.OSProtect.A, C:\Windows\System32\drivers\pcwatch.sys, , [3b465e91c6b5cf67dd758a330cf5dd23], 
    PUP.Optional.OptimunInstaller, C:\Users\Angie\Downloads\Java_Updater_Setup.exe, , [2d54d51a601b20168a4e35145fa1ca36], 
    PUP.Optional.MyOSProtect.A, C:\Windows\Temp\MyOSProtect.log, , [91f08a65097206304e31917304ff54ac], 
    PUP.Optional.MyOSProtect.A, C:\Windows\System32\MyOSProtectOff.ini, , [1c65e40be19afa3c199d996cfe05f40c], 
    PUP.Optional.MyOSProtect.A, C:\Windows\System32\MyOSProtect.ini, , [3a4787680e6dde5822950ef7679cea16], 
    PUP.Optional.Extutil.A, C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [9de41dd2c3b851e529c700edb54d8779], 
    PUP.Optional.Extutil.A, C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [9de41dd2c3b851e529c700edb54d8779], 
    PUP.Optional.Extutil.A, C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [9de41dd2c3b851e529c700edb54d8779], 
    PUP.Optional.Managera.A, C:\Users\Angie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [c5bc1ad504774beb37ba10dd788a817f], 
    PUP.Optional.Managera.A, C:\Users\Angie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [c5bc1ad504774beb37ba10dd788a817f], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 October 2014 - 06:26 PM

    Good, did you have Malwarebytes remove those threats, there all bad and need to go, normally it will show in a log if those where Quarantined and your log does not. Those are very dangerous files and registry entries , run Malwarebytes again and make sure there gone

     

    My instructions

     

    Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 16 October 2014 - 05:42 PM

    Yes - after I posted the log, I had to click something to have it remove the software. However, I'm still getting a pop-up from McAfee that the file is still a problem. I reran Malwarebytes as directed. It did not detect anything. I'll post the log below. However, my McAfee is still popping up that MyOSProtect is a problem. I tried posting a screenshot that includes the McAfee alert, but for some reason I cannot seem to paste an image into this window, so just the log is below. Thanks again for your help!

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 10/16/2014
    Scan Time: 7:10:03 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.10.16.08
    Rootkit Database: v2014.10.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Angie
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 297573
    Time Elapsed: 13 min, 16 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 16 October 2014 - 05:55 PM

    Run a new scan with FRST, be sure to checkmark Additions and post both logs, I am sure we are going to have to run another tool to remove MyOSProtect but I need to see the new logs so I know where we stand



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 16 October 2014 - 07:21 PM

    I ran FRST again as instructed. Both logs are below. I think this shows up in the logs, but just in case it doesn't, I still have a folder on my hard drive called C:\Program Files\Web Protect - I haven't deleted it b/c I don't know if that would help or do more damage. 

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
    Ran by Angie (administrator) on ANGIE-PC on 16-10-2014 21:14:50
    Running from C:\Users\Angie\Desktop
    Loaded Profile: Angie (Available profiles: Angie)
    Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
    (Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    (Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbam.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
    (Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
    (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
    (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (StrikeForce Technologies Inc.) C:\Program Files\SFT\GuardedID\GIDD.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (White Sky, Inc.) C:\Program Files\ID Vault\IDVaultSvc.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AT&T Inc.) C:\Users\Angie\AppData\Local\ATT Connect\Participant\pull.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (White Sky, Inc.) C:\Program Files\ID Vault\IDVault.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
    (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsMap.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
    (McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IdeaNotesUser] => C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
    HKLM\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
    HKLM\...\Run: [PLFSetL] => C:\windows\PLFSetL.exe
    HKLM\...\Run: [VeriFaceManager] => C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2009-10-22] (Lenovo)
    HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4081480 2009-07-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520 2009-06-25] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [GIDDesktop] => C:\Program Files\SFT\GuardedID\gidd.exe [391944 2010-09-20] (StrikeForce Technologies Inc.)
    HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [Push Client] => C:\Users\Angie\AppData\Local\ATT Connect\Participant\pull.exe [966944 2011-04-27] (AT&T Inc.)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [Google Update] => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\MountPoints2: {0a8be379-9c51-11e2-a999-002622cd26d2} - F:\DT4000_Launcher.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ID Vault.lnk
    ShortcutTarget: ID Vault.lnk -> C:\Program Files\ID Vault\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKCU - {E1C1E76D-CDBC-49A0-8873-A7B3A2FB54CB} URL = https://search.yahoo...p={SearchTerms}
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: GuardId.MSIEBrowser.BHO -> {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 C:\windows\system32\MyOSProtect.dll [304776] ()
    Winsock: Catalog9 02 C:\windows\system32\MyOSProtect.dll [304776] ()
    Winsock: Catalog9 03 C:\windows\system32\MyOSProtect.dll [304776] ()
    Winsock: Catalog9 04 C:\windows\system32\MyOSProtect.dll [304776] ()
    Winsock: Catalog9 34 C:\windows\system32\MyOSProtect.dll [304776] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy64.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\Angie\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-08-25]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-20]
    CHR Extension: (Google Drive) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]
    CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]
    CHR Extension: (SiteAdvisor) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-09-20]
    CHR Extension: (Google Wallet) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
    CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-20]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
    R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 IDVaultSvc; C:\Program Files\ID Vault\IDVaultSvc.exe [42312 2010-12-04] (White Sky, Inc.)
    R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
    S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [414984 2009-07-28] (Lenovo Group Limited)
    S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [472328 2009-07-28] (Lenovo Group Limited)
    R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-09-23] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
    R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
    R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
    S2 UpdaterSvcKlipPal; "C:\Program Files\Klip Pal\updater.exe" [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
    S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
    S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
    R3 cfwids; C:\windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2009-10-22] ()
    R1 GIDv2; C:\windows\system32\Drivers\GIDv2.sys [25360 2010-09-20] (StrikeForce Technologies, Inc.)
    S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-16] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
    R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
    S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
    R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
    R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
    S3 vpnva; C:\windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
    R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)
    S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-15 19:46 - 2014-10-16 20:05 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000701 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000000 ____D () C:\Malwarebytes Anti-Malware
    2014-10-15 19:46 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-10-15 19:46 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-10-15 19:46 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-10-15 19:41 - 2014-10-15 19:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Angie\Desktop\mbam-setup-2.0.3.1025.exe
    2014-10-15 18:17 - 2014-10-15 18:19 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Angie\Desktop\mbam-clean-2.1.1.1001.exe
    2014-10-14 21:16 - 2014-10-14 21:16 - 00001057 _____ () C:\Users\Angie\Desktop\mbam.txt
    2014-10-14 20:53 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-10-14 20:53 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-10-14 20:53 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-10-14 20:53 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-10-14 20:53 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-10-14 20:53 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-10-14 20:53 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-10-14 20:53 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-10-14 20:53 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-10-14 20:53 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-10-14 20:53 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-10-14 20:53 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-10-14 20:53 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-10-14 20:53 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-10-14 20:53 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-10-14 20:53 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-10-14 20:53 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-10-14 20:53 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-10-14 20:53 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-10-14 20:53 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-10-14 20:53 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-10-14 20:53 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-10-14 20:53 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-10-14 20:53 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-10-14 20:53 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-10-14 20:53 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-10-14 20:53 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-10-14 20:53 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-10-14 20:53 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-10-14 20:53 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-10-14 20:43 - 2014-10-09 21:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-10-14 20:42 - 2014-10-09 21:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-10-14 20:42 - 2014-10-09 21:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-10-14 20:42 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-10-14 20:41 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
    2014-10-14 19:49 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
    2014-10-14 19:49 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
    2014-10-14 19:49 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
    2014-10-14 19:45 - 2014-10-14 19:45 - 00000755 _____ () C:\Users\Angie\Desktop\JRT.txt
    2014-10-14 19:41 - 2014-10-14 19:41 - 00000000 ____D () C:\windows\ERUNT
    2014-10-14 19:04 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-10-14 19:04 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-10-14 19:04 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-10-14 19:04 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-10-14 19:04 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
    2014-10-14 19:04 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
    2014-10-14 19:03 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-10-14 19:03 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2014-10-14 19:03 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2014-10-14 19:03 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2014-10-14 19:03 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2014-10-14 19:03 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2014-10-14 19:03 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2014-10-14 19:03 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
    2014-10-14 19:03 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
    2014-10-14 19:03 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
    2014-10-14 19:03 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
    2014-10-14 19:03 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
    2014-10-14 19:03 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
    2014-10-14 19:03 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2014-10-14 19:03 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
    2014-10-14 19:03 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2014-10-14 18:53 - 2014-10-14 18:53 - 00006465 _____ () C:\Users\Angie\Desktop\AdwCleaner[S0].txt
    2014-10-14 18:42 - 2014-10-14 18:49 - 00000000 ____D () C:\AdwCleaner
    2014-10-14 18:39 - 2014-10-14 18:41 - 01705698 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe
    2014-10-14 18:37 - 2014-10-14 18:39 - 01976320 _____ () C:\Users\Angie\Desktop\AdwCleaner.exe
    2014-10-13 11:14 - 2014-10-13 11:16 - 00045287 _____ () C:\Users\Angie\Desktop\Addition.txt
    2014-10-13 11:13 - 2014-10-16 21:15 - 00022350 _____ () C:\Users\Angie\Desktop\FRST.txt
    2014-10-13 11:11 - 2014-10-16 21:14 - 00000000 ____D () C:\FRST
    2014-10-13 11:09 - 2014-10-13 11:10 - 01101824 _____ (Farbar) C:\Users\Angie\Desktop\FRST.exe
    2014-10-13 11:06 - 2014-10-13 11:06 - 00002014 _____ () C:\Users\Angie\Desktop\aswMBR.txt
    2014-10-13 11:06 - 2014-10-13 11:06 - 00000512 _____ () C:\Users\Angie\Desktop\MBR.dat
    2014-10-13 10:58 - 2014-10-13 10:58 - 00149912 _____ () C:\windows\Minidump\101314-23197-01.dmp
    2014-10-13 10:45 - 2014-10-13 10:53 - 05185536 _____ (AVAST Software) C:\Users\Angie\Desktop\aswMBR.exe
    2014-10-12 18:22 - 2014-10-12 18:22 - 00000000 ____D () C:\Users\Angie\AppData\Local\VS Revo Group
    2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
    2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-10-12 18:21 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
    2014-10-12 18:17 - 2014-10-12 18:20 - 10691640 _____ (VS Revo Group ) C:\Users\Angie\Downloads\RevoUninProSetup.exe
    2014-10-12 17:15 - 2014-10-12 17:15 - 00000000 ____D () C:\Users\Angie\Desktop\Malwarebytes Anti-Malware
    2014-10-12 17:10 - 2014-10-12 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-10-12 08:53 - 2014-10-12 08:53 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
    2014-10-12 08:53 - 2014-10-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-10-12 08:53 - 2014-10-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-10-12 08:53 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2014-10-12 08:53 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2014-10-12 08:53 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2014-10-12 08:52 - 2014-10-12 08:53 - 00004477 _____ () C:\windows\system32\jupdate-1.7.0_67-b01.log
    2014-10-12 00:06 - 2014-10-12 00:21 - 30856384 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\Windows-KB890830-V5.16 (1).exe
    2014-10-11 23:34 - 2014-10-11 23:42 - 30856384 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\Windows-KB890830-V5.16.exe
    2014-09-30 19:57 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
    2014-09-24 21:23 - 2014-10-16 20:04 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-09-24 16:55 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-09-19 22:02 - 2014-09-19 22:02 - 00000000 ____D () C:\ProgramData\boost_interprocess
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-16 21:10 - 2012-04-12 07:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-10-16 21:09 - 2014-05-09 18:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a.job
    2014-10-16 21:09 - 2014-04-03 20:42 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c.job
    2014-10-16 21:09 - 2009-10-22 04:37 - 01246242 _____ () C:\windows\WindowsUpdate.log
    2014-10-16 21:09 - 2009-07-14 00:39 - 00214820 _____ () C:\windows\setupact.log
    2014-10-16 21:08 - 2009-10-22 04:48 - 10821467 _____ () C:\FaceProv.log
    2014-10-16 21:08 - 2009-10-22 04:46 - 00000000 ____D () C:\ProgramData\VeriFace
    2014-10-16 21:08 - 2009-08-25 04:19 - 00000270 _____ () C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    2014-10-16 20:13 - 2014-04-16 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-10-16 20:13 - 2010-08-15 18:59 - 00001844 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    2014-10-16 20:13 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-16 20:13 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-16 20:04 - 2012-02-02 20:34 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-16 20:04 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-10-16 19:36 - 2014-02-17 21:38 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432.job
    2014-10-16 19:04 - 2009-08-25 04:17 - 00922074 _____ () C:\windows\PFRO.log
    2014-10-15 20:19 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Microsoft.NET
    2014-10-15 20:07 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files\Web Protect
    2014-10-15 20:07 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\registration
    2014-10-15 18:44 - 2009-07-14 00:33 - 00406136 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-10-15 18:42 - 2014-05-09 17:54 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-10-15 18:26 - 2009-08-25 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-14 21:37 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\NDF
    2014-10-14 20:02 - 2013-07-18 08:12 - 00000000 ____D () C:\windows\system32\MRT
    2014-10-14 19:53 - 2010-07-08 08:35 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-10-13 10:58 - 2013-12-11 19:20 - 326823133 _____ () C:\windows\MEMORY.DMP
    2014-10-13 10:58 - 2013-12-11 19:20 - 00000000 ____D () C:\windows\Minidump
    2014-10-12 08:53 - 2013-11-02 13:11 - 00000000 ____D () C:\ProgramData\Oracle
    2014-10-12 08:53 - 2010-08-31 15:39 - 00000000 ____D () C:\Program Files\Java
    2014-10-12 04:51 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\rescache
    2014-09-27 08:13 - 2012-04-12 07:19 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2014-09-27 08:13 - 2011-06-29 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2014-09-24 17:32 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2014-09-24 15:18 - 2009-07-13 22:04 - 00000612 _____ () C:\windows\win.ini
    2014-09-19 21:40 - 2014-08-30 17:44 - 00001348 _____ () C:\Users\Angie\Desktop\ROBLOX Player.lnk
    2014-09-19 21:40 - 2014-08-30 17:33 - 00001167 _____ () C:\Users\Angie\Desktop\ROBLOX Studio 2013.lnk
    2014-09-19 21:40 - 2014-08-30 17:33 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2014-09-16 19:09 - 2011-09-07 11:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-09-16 19:09 - 2011-09-07 11:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
     
    Some content of TEMP:
    ====================
    C:\Users\Angie\AppData\Local\Temp\20130227082026762jniverify.dll
    C:\Users\Angie\AppData\Local\Temp\contentDATs.exe
    C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Angie\AppData\Local\Temp\FreeConverter_stub.exe
    C:\Users\Angie\AppData\Local\Temp\G2MInstallerExtractor.exe
    C:\Users\Angie\AppData\Local\Temp\installhelper.dll
    C:\Users\Angie\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\Users\Angie\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
    C:\Users\Angie\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
    C:\Users\Angie\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\Quarantine.exe
    C:\Users\Angie\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Angie\AppData\Local\Temp\SpOrder.dll
    C:\Users\Angie\AppData\Local\Temp\sqlite3.dll
    C:\Users\Angie\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\Angie\AppData\Local\Temp\{01A2BC51-FC48-43A7-BB95-EE2B18358669}-35.0.1916.114_34.0.1847.137_chrome_updater.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-11 13:14
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
    Ran by Angie at 2014-10-16 21:16:00
    Running from C:\Users\Angie\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
     Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
     Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
    Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version:  - )
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
    AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
    Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.01 - Broadcom Corporation)
    Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant)
    DIBS (Version: 1.7.0 - DDNI) Hidden
    EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
    Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.1 - Lenovo)
    Git version 1.9.2-preview20140411 (HKLM\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)
    Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
    GuardedID (HKLM\...\{9191979D-821C-4EA8-B021-2DA1D859A7C5}) (Version: 0.03.1026 - StrikeForce Technologies, Inc)
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    ID Vault (HKLM\...\ID Vault) (Version: 5.8.1111.0 - White Sky, Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
    Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
    iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Lenovo EasyCamera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50.6 - Suyin Optronics Corp.)
    Lenovo First Boot (HKLM\...\{F2602F16-02D1-4F1C-99A5-E246C522A59D}) (Version: 1.7.2.2 - DDNI)
    Lenovo Idea Central (HKLM\...\Lenovo Idea Central) (Version: 1.7.2.3 - DDNI)
    Lenovo Idea Notes (HKLM\...\{A06E1854-1580-4157-AD70-72734D324DEA}) (Version: 1.5.1 - DDNI)
    Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
    Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.17 - Lenovo)
    Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
    Lights Out (HKLM\...\Lights Out) (Version:  - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Store Download Manager (HKLM\...\{A3D88A98-506E-4CFC-B294-E256C679B0EE}) (Version: 2.5.2219.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    My Photo Adventure (HKLM\...\My Photo Adventure) (Version: 4.0 - Inter-State Studio)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OverDrive Media Console (HKLM\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d1 - CyberLink Corp.)
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
    ROBLOX Player for Angie (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    RStudio (HKLM\...\RStudio) (Version: 0.98.507 - RStudio)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Symantec Enterprise Vault Outlook Add-In (HKLM\...\{F8E222C8-A19E-4E77-BA75-38815A39B999}) (Version: 10.0.1316 - Symantec Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{23AE87D8-AB2F-4539-935C-442BC976F469}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    VeriFace (HKLM\...\VeriFace) (Version: 3.6.0.0730 - Lenovo)
    WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
    Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
    Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
    Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\winhttp.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1226\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\RobloxProxy.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files\Git\git-cheetah\git_shell_ext.dll ()
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\windows\system32\MSVBVM60.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\RobloxProxy64.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{defa762b-ebc6-4ce2-a48c-32b232aac64d}\InprocServer32 -> C:\Users\Angie\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
     
    ==================== Restore Points  =========================
     
    24-09-2014 20:55:11 Windows Update
    25-09-2014 01:11:26 Windows Backup
    25-09-2014 07:00:15 Windows Update
    29-09-2014 12:15:10 Windows Backup
    30-09-2014 23:57:48 Windows Update
    02-10-2014 00:01:57 Windows Update
    06-10-2014 21:14:57 Windows Backup
    08-10-2014 01:23:16 Windows Update
    12-10-2014 12:51:02 Installed Java 7 Update 67
    12-10-2014 22:25:03 Revo Uninstaller Pro's restore point - Web Protect for Windows
    12-10-2014 23:02:44 Windows Backup
    14-10-2014 23:01:50 Windows Update
    14-10-2014 23:49:44 Windows Update
    15-10-2014 22:18:46 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 22:04 - 2013-12-19 10:49 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {229F8523-B27B-4BC3-84D5-B0EB3D406E57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432 => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
    Task: {23D2B41E-22AF-4C5A-B248-D8463F4A89F0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {46C23D4D-DAEB-462C-A0CE-A4042D9D5CB2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
    Task: {4E76C36C-97F0-430A-ADB7-EB1CAB5CA9D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6FA06986-0883-40A8-86CD-1C18A05BC695} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
    Task: {A0906B02-D0E8-485C-BBF1-679FDF255A1D} - System32\Tasks\Check Updates for Windows Live Toolbar => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
    Task: {A58FA3DB-B21A-4A56-AF02-A02CD0365B91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
    Task: {B04D33F7-D032-4780-A262-94A1EF9F7700} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432.job => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a.job => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-09-13 12:02 - 2014-09-01 14:28 - 00304776 _____ () C:\windows\system32\MyOSProtect.dll
    2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2011-02-11 21:29 - 2009-12-20 21:42 - 00176235 _____ () C:\windows\System32\Primomonnt.dll
    2009-06-12 16:32 - 2009-06-12 16:32 - 00104456 _____ () C:\windows\system32\EasyHook32.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-10-22 04:46 - 2009-10-22 04:45 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
    2009-10-22 04:46 - 2009-10-22 04:45 - 00513288 _____ () C:\windows\system32\SimpleExt.dll
    2014-05-23 20:27 - 2014-04-11 14:40 - 00334464 _____ () C:\Program Files\Git\git-cheetah\git_shell_ext.dll
    2009-08-25 04:14 - 2009-01-29 08:26 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
    2009-08-25 04:14 - 2009-01-29 08:27 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
    2009-08-25 04:14 - 2009-01-29 08:27 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
    2009-10-22 04:45 - 2009-10-22 04:45 - 00492808 _____ () C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
    2009-10-22 04:46 - 2008-12-19 23:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
    2009-10-22 04:46 - 2008-12-19 23:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
    2011-04-27 13:22 - 2011-04-27 13:22 - 00031744 _____ () C:\Users\Angie\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
    2011-04-21 11:10 - 2011-04-21 11:10 - 00418304 _____ () C:\Users\Angie\AppData\Local\ATT Connect\Participant\exchndl.dll
    2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2010-12-04 15:00 - 2010-12-04 15:00 - 00067400 _____ () C:\Program Files\ID Vault\IdVaultCore.XmlSerializers.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:6017A808
    AlternateDataStreams: C:\ProgramData\Temp:E51234A9
    AlternateDataStreams: C:\Users\Angie\Documents\3rd party auth.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Angie\Documents\3rd party auth.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-3861706144-2676772620-90763643-500 - Administrator - Disabled)
    Angie (S-1-5-21-3861706144-2676772620-90763643-1004 - Administrator - Enabled) => C:\Users\Angie
    Guest (S-1-5-21-3861706144-2676772620-90763643-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3861706144-2676772620-90763643-1005 - Limited - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/16/2014 09:08:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3102501
     
    Error: (10/16/2014 09:08:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3102501
     
    Error: (10/16/2014 09:08:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (10/16/2014 09:08:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3097197
     
    Error: (10/16/2014 09:08:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3097197
     
    Error: (10/16/2014 09:08:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (10/16/2014 07:00:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 78263642
     
    Error: (10/16/2014 07:00:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 78263642
     
    Error: (10/16/2014 07:00:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (10/15/2014 09:16:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9828
     
     
    System errors:
    =============
    Error: (10/16/2014 08:05:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (10/16/2014 08:04:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UpdaterSvcKlipPal service failed to start due to the following error: 
    %%2
     
    Error: (10/16/2014 07:05:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (10/16/2014 07:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UpdaterSvcKlipPal service failed to start due to the following error: 
    %%2
     
    Error: (10/16/2014 07:00:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: 
    %%1053
     
    Error: (10/16/2014 07:00:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: 
    %%1053
     
    Error: (10/16/2014 07:00:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Peer Networking Identity Manager service failed to start due to the following error: 
    %%1053
     
    Error: (10/16/2014 07:00:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
     
    Error: (10/15/2014 08:09:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (10/15/2014 08:08:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UpdaterSvcKlipPal service failed to start due to the following error: 
    %%2
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/11/2013 07:17:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7376 seconds with 3420 seconds of active time.  This session ended with a crash.
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2013-09-06 20:49:34.219
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:33.899
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:33.559
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:33.249
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.955
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.940
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.597
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.193
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:31.543
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:31.223
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
    Percentage of memory in use: 48%
    Total physical RAM: 3032.6 MB
    Available physical RAM: 1555.43 MB
    Total Pagefile: 6063.49 MB
    Available Pagefile: 4129.61 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.53 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:187.67 GB) (Free:77.41 GB) NTFS
    Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:0.01 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3FC4B4DF)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
     
    ==================== End Of Log ============================


    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 October 2014 - 04:50 AM

    Good Morning,

     

    We need to remove MyOSProtect.dll from your LSP Stack, its a group of legitimate files that are basically like a stepping stone to the internet, sometimes a  good file is added for example a Parental Control Program that monitors traffic coming in and out of your computer, in your case MyOSProtect.dll    is a bad file and needs to be removed, you need to read and reread the instructions very carefully, if you can print them out and have them next to you, all the files in the stack are legit except for MyOSProtect.dll , we want to remove the bad one and leave all the others alone, if you remove a legit one by accident you will lose your intenet

     

    You wont get a log after this fix so dont knock yourself out looking for it but you should get a box stating that the removing the file was successful, I need to know that please

     

     
    •  
    • Please download LSPFix to your Desktop
    • Disconnect from the internet.
    • Go to where you downloaded LSPFix and run the LSPFix.exe by right clicking on it and selecting RUN AS ADMINISTATOR
    • Check the I know what I'm doing box.
    • In the Keep box you should see one or more instances of MyOSProtect.dll
    • Select every instance of MyOSProtect.dll and move each one to the Remove box by clicking the >> button.
    • When you are done click Finish.
     
    LSP Tutorial <-- If you need it.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 17 October 2014 - 05:16 PM

    I ran the LSP tool as instructed and removed one instance of MyOSProtect.dll. The summary box after the tool ran said:  "Repair complete. 

    0 NameSpace provider entries removed

    0 NameSpace provider entries renumbered

    5 Protocol provider entries removed

    29 Protocol provider entries renumbered."

     

    I restarted my computer and nearly immediately received a pop-up alert from McAfee saying that a Potentially Unwanted Program was blocked. I can still access the internet. Here's what the alert said:

     

    Potentially Unwanted Program Blocked

    About the Potentially Unwanted Program

    Name: Adware-WebProtect

    Quarantined from: C:\\Windows\system32\MyOSProtect.dll

     

    I simply closed the window. Please tell me what to do next.  Thanks - angie



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 October 2014 - 05:18 PM

    Good :thumbup:

     

    That bad file in the LSP stack was preventing it from being deleted elsewhere

     

    Run a new scan with FRST, check Additions and lets get rid of the rest of this pest



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 18 October 2014 - 10:16 AM

    I've run into a bit of a problem. I opened FRST to run it as instructed and it updated automatically. Now, when I try to run it as administrator, an error pops up and says "C:\Users\Angie\Desktop\FRST.exe is not a valid Win32 application." I still have a file on my desktop titled "FRST- OlderVersion" - I investigated running that, but there's not an option to Run as Administrator. What would you have me do? - Thanks, Angie



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 18 October 2014 - 10:59 AM

    Lets bypass that for the moment and run Malwarebytes, it should get the rest of that infection

     

    Download Malwarebytes' Anti-Malware  to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    MBAMDashboard_zpsddef9b5f.gif

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #15 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 18 October 2014 - 06:31 PM

    I ran Malwarebytes and it did not detect any issues. However, my McAfee has still identified Adware-WebProtect as a problem. Should I tell it to remove the Program?

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 10/18/2014
    Scan Time: 3:57:43 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.10.18.06
    Rootkit Database: v2014.10.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Angie
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 297817
    Time Elapsed: 10 min, 41 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users