Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

WebProtect Infection on Windows 7 [Solved]


  • This topic is locked This topic is locked
20 replies to this topic

#16 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 October 2014 - 06:54 PM

Yes, let it if it can, might be just some leftover files or what not

 

Drag FRST to the trash and lets download a new copy and make sure you check additions and post both logs, make sure you download it to your desktop  . 

 

You need the 32 bit version

 

 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check 
  • *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #17 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 19 October 2014 - 02:15 PM

    McAfee seems to think that it has quarantined WebProtect. I still have a file folder on my hard drive entitled "C:\Program Files\Web Protect" - could I/should I drag it to the recycle bin? 

     

    Logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2014
    Ran by Angie (administrator) on ANGIE-PC on 19-10-2014 16:03:47
    Running from C:\Users\Angie\Desktop
    Loaded Profile: Angie (Available profiles: Angie)
    Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamservice.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbam.exe
    (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
    (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
    (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (StrikeForce Technologies Inc.) C:\Program Files\SFT\GuardedID\GIDD.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (White Sky, Inc.) C:\Program Files\ID Vault\IDVaultSvc.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AT&T Inc.) C:\Users\Angie\AppData\Local\ATT Connect\Participant\pull.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (White Sky, Inc.) C:\Program Files\ID Vault\IDVault.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
    (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IdeaNotesUser] => C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
    HKLM\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe
    HKLM\...\Run: [PLFSetL] => C:\windows\PLFSetL.exe
    HKLM\...\Run: [VeriFaceManager] => C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440 2009-10-22] (Lenovo)
    HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4081480 2009-07-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520 2009-06-25] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [GIDDesktop] => C:\Program Files\SFT\GuardedID\gidd.exe [391944 2010-09-20] (StrikeForce Technologies Inc.)
    HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [Push Client] => C:\Users\Angie\AppData\Local\ATT Connect\Participant\pull.exe [966944 2011-04-27] (AT&T Inc.)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [Google Update] => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-10] (Google Inc.)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-3861706144-2676772620-90763643-1004\...\MountPoints2: {0a8be379-9c51-11e2-a999-002622cd26d2} - F:\DT4000_Launcher.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ID Vault.lnk
    ShortcutTarget: ID Vault.lnk -> C:\Program Files\ID Vault\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKCU - {E1C1E76D-CDBC-49A0-8873-A7B3A2FB54CB} URL = https://search.yahoo...p={SearchTerms}
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: GuardId.MSIEBrowser.BHO -> {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher64 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\\NPRobloxProxy64.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\Angie\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-08-25]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-20]
    CHR Extension: (Google Drive) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]
    CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]
    CHR Extension: (SiteAdvisor) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-09-20]
    CHR Extension: (Google Wallet) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
    CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-20]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 0237611413748351mcinstcleanup; C:\windows\TEMP\023761~1.EXE [836168 2014-03-13] (McAfee, Inc.)
    R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
    R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 IDVaultSvc; C:\Program Files\ID Vault\IDVaultSvc.exe [42312 2010-12-04] (White Sky, Inc.)
    R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
    S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [414984 2009-07-28] (Lenovo Group Limited)
    S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [472328 2009-07-28] (Lenovo Group Limited)
    R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-09-23] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
    R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
    R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
    S2 UpdaterSvcKlipPal; "C:\Program Files\Klip Pal\updater.exe" [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
    S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
    S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
    R3 cfwids; C:\windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2009-10-22] ()
    R1 GIDv2; C:\windows\system32\Drivers\GIDv2.sys [25360 2010-09-20] (StrikeForce Technologies, Inc.)
    S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
    R3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
    S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
    R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
    R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
    S3 vpnva; C:\windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
    R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)
    S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-19 16:03 - 2014-10-19 16:04 - 00022140 _____ () C:\Users\Angie\Desktop\FRST.txt
    2014-10-19 16:02 - 2014-10-19 16:02 - 01103360 _____ (Farbar) C:\Users\Angie\Desktop\FRST.exe
    2014-10-17 18:57 - 2014-10-17 18:57 - 00186880 _____ (CEXX.ORG) C:\Users\Angie\Desktop\LSPFix.exe
    2014-10-15 19:46 - 2014-10-18 18:53 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000701 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-15 19:46 - 2014-10-15 19:46 - 00000000 ____D () C:\Malwarebytes Anti-Malware
    2014-10-15 19:46 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-10-15 19:46 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-10-15 19:46 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-10-15 19:41 - 2014-10-15 19:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Angie\Desktop\mbam-setup-2.0.3.1025.exe
    2014-10-15 18:17 - 2014-10-15 18:19 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Angie\Desktop\mbam-clean-2.1.1.1001.exe
    2014-10-14 21:16 - 2014-10-14 21:16 - 00001057 _____ () C:\Users\Angie\Desktop\mbam.txt
    2014-10-14 20:53 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-10-14 20:53 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-10-14 20:53 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-10-14 20:53 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-10-14 20:53 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-10-14 20:53 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-10-14 20:53 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-10-14 20:53 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-10-14 20:53 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-10-14 20:53 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-10-14 20:53 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-10-14 20:53 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-10-14 20:53 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-10-14 20:53 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-10-14 20:53 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-10-14 20:53 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-10-14 20:53 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-10-14 20:53 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-10-14 20:53 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-10-14 20:53 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-10-14 20:53 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-10-14 20:53 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-10-14 20:53 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-10-14 20:53 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-10-14 20:53 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-10-14 20:53 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-10-14 20:53 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-10-14 20:53 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-10-14 20:53 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-10-14 20:53 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-10-14 20:43 - 2014-10-09 21:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-10-14 20:42 - 2014-10-09 21:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-10-14 20:42 - 2014-10-09 21:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-10-14 20:42 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-10-14 20:41 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
    2014-10-14 19:49 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
    2014-10-14 19:49 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
    2014-10-14 19:49 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
    2014-10-14 19:45 - 2014-10-14 19:45 - 00000755 _____ () C:\Users\Angie\Desktop\JRT.txt
    2014-10-14 19:41 - 2014-10-14 19:41 - 00000000 ____D () C:\windows\ERUNT
    2014-10-14 19:04 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-10-14 19:04 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-10-14 19:04 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-10-14 19:04 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-10-14 19:04 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-10-14 19:04 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
    2014-10-14 19:04 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
    2014-10-14 19:03 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-10-14 19:03 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2014-10-14 19:03 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2014-10-14 19:03 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2014-10-14 19:03 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2014-10-14 19:03 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2014-10-14 19:03 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2014-10-14 19:03 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
    2014-10-14 19:03 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
    2014-10-14 19:03 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
    2014-10-14 19:03 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
    2014-10-14 19:03 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
    2014-10-14 19:03 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
    2014-10-14 19:03 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
    2014-10-14 19:03 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
    2014-10-14 19:03 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2014-10-14 19:03 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
    2014-10-14 19:03 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2014-10-14 18:53 - 2014-10-14 18:53 - 00006465 _____ () C:\Users\Angie\Desktop\AdwCleaner[S0].txt
    2014-10-14 18:42 - 2014-10-14 18:49 - 00000000 ____D () C:\AdwCleaner
    2014-10-14 18:39 - 2014-10-14 18:41 - 01705698 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe
    2014-10-14 18:37 - 2014-10-14 18:39 - 01976320 _____ () C:\Users\Angie\Desktop\AdwCleaner.exe
    2014-10-13 11:11 - 2014-10-19 16:03 - 00000000 ____D () C:\FRST
    2014-10-13 11:06 - 2014-10-13 11:06 - 00002014 _____ () C:\Users\Angie\Desktop\aswMBR.txt
    2014-10-13 11:06 - 2014-10-13 11:06 - 00000512 _____ () C:\Users\Angie\Desktop\MBR.dat
    2014-10-13 10:58 - 2014-10-13 10:58 - 00149912 _____ () C:\windows\Minidump\101314-23197-01.dmp
    2014-10-13 10:45 - 2014-10-13 10:53 - 05185536 _____ (AVAST Software) C:\Users\Angie\Desktop\aswMBR.exe
    2014-10-12 18:22 - 2014-10-12 18:22 - 00000000 ____D () C:\Users\Angie\AppData\Local\VS Revo Group
    2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\ProgramData\VS Revo Group
    2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-10-12 18:21 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
    2014-10-12 18:17 - 2014-10-12 18:20 - 10691640 _____ (VS Revo Group ) C:\Users\Angie\Downloads\RevoUninProSetup.exe
    2014-10-12 17:15 - 2014-10-12 17:15 - 00000000 ____D () C:\Users\Angie\Desktop\Malwarebytes Anti-Malware
    2014-10-12 17:10 - 2014-10-12 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-10-12 08:53 - 2014-10-12 08:53 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
    2014-10-12 08:53 - 2014-10-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-10-12 08:53 - 2014-10-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-10-12 08:53 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2014-10-12 08:53 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2014-10-12 08:53 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2014-10-12 08:52 - 2014-10-12 08:53 - 00004477 _____ () C:\windows\system32\jupdate-1.7.0_67-b01.log
    2014-10-12 00:06 - 2014-10-12 00:21 - 30856384 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\Windows-KB890830-V5.16 (1).exe
    2014-10-11 23:34 - 2014-10-11 23:42 - 30856384 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\Windows-KB890830-V5.16.exe
    2014-09-30 19:57 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
    2014-09-24 21:23 - 2014-10-16 20:04 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-09-24 16:55 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-09-19 22:02 - 2014-09-19 22:02 - 00000000 ____D () C:\ProgramData\boost_interprocess
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-19 15:53 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-19 15:53 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-19 15:49 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files\Web Protect
    2014-10-19 15:49 - 2009-10-22 04:37 - 01333364 _____ () C:\windows\WindowsUpdate.log
    2014-10-19 15:45 - 2014-04-16 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-10-19 15:45 - 2010-08-15 18:59 - 00001844 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    2014-10-19 15:45 - 2009-10-22 04:48 - 10861143 _____ () C:\FaceProv.log
    2014-10-19 15:37 - 2014-05-09 18:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a.job
    2014-10-19 15:37 - 2014-04-03 20:42 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c.job
    2014-10-19 15:36 - 2012-04-12 07:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-10-19 15:36 - 2009-10-22 04:46 - 00000000 ____D () C:\ProgramData\VeriFace
    2014-10-19 15:36 - 2009-08-25 04:19 - 00000270 _____ () C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    2014-10-19 15:36 - 2009-07-14 00:39 - 00215268 _____ () C:\windows\setupact.log
    2014-10-18 19:36 - 2014-02-17 21:38 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432.job
    2014-10-18 19:36 - 2012-02-02 20:34 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-18 19:04 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\rescache
    2014-10-17 19:03 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-10-17 18:26 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\NDF
    2014-10-16 19:04 - 2009-08-25 04:17 - 00922074 _____ () C:\windows\PFRO.log
    2014-10-15 20:19 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Microsoft.NET
    2014-10-15 20:07 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\registration
    2014-10-15 18:44 - 2009-07-14 00:33 - 00406136 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-10-15 18:42 - 2014-05-09 17:54 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-10-15 18:26 - 2009-08-25 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-14 20:02 - 2013-07-18 08:12 - 00000000 ____D () C:\windows\system32\MRT
    2014-10-14 19:53 - 2010-07-08 08:35 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-10-13 10:58 - 2013-12-11 19:20 - 326823133 _____ () C:\windows\MEMORY.DMP
    2014-10-13 10:58 - 2013-12-11 19:20 - 00000000 ____D () C:\windows\Minidump
    2014-10-12 08:53 - 2013-11-02 13:11 - 00000000 ____D () C:\ProgramData\Oracle
    2014-10-12 08:53 - 2010-08-31 15:39 - 00000000 ____D () C:\Program Files\Java
    2014-09-27 08:13 - 2012-04-12 07:19 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2014-09-27 08:13 - 2011-06-29 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2014-09-24 17:32 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2014-09-24 15:18 - 2009-07-13 22:04 - 00000612 _____ () C:\windows\win.ini
    2014-09-19 21:40 - 2014-08-30 17:44 - 00001348 _____ () C:\Users\Angie\Desktop\ROBLOX Player.lnk
    2014-09-19 21:40 - 2014-08-30 17:33 - 00001167 _____ () C:\Users\Angie\Desktop\ROBLOX Studio 2013.lnk
    2014-09-19 21:40 - 2014-08-30 17:33 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
     
    Some content of TEMP:
    ====================
    C:\Users\Angie\AppData\Local\Temp\20130227082026762jniverify.dll
    C:\Users\Angie\AppData\Local\Temp\contentDATs.exe
    C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Angie\AppData\Local\Temp\FreeConverter_stub.exe
    C:\Users\Angie\AppData\Local\Temp\G2MInstallerExtractor.exe
    C:\Users\Angie\AppData\Local\Temp\installhelper.dll
    C:\Users\Angie\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\Users\Angie\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
    C:\Users\Angie\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
    C:\Users\Angie\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Angie\AppData\Local\Temp\Quarantine.exe
    C:\Users\Angie\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Angie\AppData\Local\Temp\SpOrder.dll
    C:\Users\Angie\AppData\Local\Temp\sqlite3.dll
    C:\Users\Angie\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\Angie\AppData\Local\Temp\{01A2BC51-FC48-43A7-BB95-EE2B18358669}-35.0.1916.114_34.0.1847.137_chrome_updater.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-18 18:53
     
    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2014
    Ran by Angie at 2014-10-19 16:05:29
    Running from C:\Users\Angie\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
    Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version:  - )
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
    AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
    Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.01 - Broadcom Corporation)
    Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant)
    DIBS (Version: 1.7.0 - DDNI) Hidden
    EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
    Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.1 - Lenovo)
    Git version 1.9.2-preview20140411 (HKLM\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)
    Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
    GuardedID (HKLM\...\{9191979D-821C-4EA8-B021-2DA1D859A7C5}) (Version: 0.03.1026 - StrikeForce Technologies, Inc)
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    ID Vault (HKLM\...\ID Vault) (Version: 5.8.1111.0 - White Sky, Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
    Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
    iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Lenovo EasyCamera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50.6 - Suyin Optronics Corp.)
    Lenovo First Boot (HKLM\...\{F2602F16-02D1-4F1C-99A5-E246C522A59D}) (Version: 1.7.2.2 - DDNI)
    Lenovo Idea Central (HKLM\...\Lenovo Idea Central) (Version: 1.7.2.3 - DDNI)
    Lenovo Idea Notes (HKLM\...\{A06E1854-1580-4157-AD70-72734D324DEA}) (Version: 1.5.1 - DDNI)
    Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
    Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.17 - Lenovo)
    Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
    Lights Out (HKLM\...\Lights Out) (Version:  - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Store Download Manager (HKLM\...\{A3D88A98-506E-4CFC-B294-E256C679B0EE}) (Version: 2.5.2219.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    My Photo Adventure (HKLM\...\My Photo Adventure) (Version: 4.0 - Inter-State Studio)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OverDrive Media Console (HKLM\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d1 - CyberLink Corp.)
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
    Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
    ROBLOX Player for Angie (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    RStudio (HKLM\...\RStudio) (Version: 0.98.507 - RStudio)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Symantec Enterprise Vault Outlook Add-In (HKLM\...\{F8E222C8-A19E-4E77-BA75-38815A39B999}) (Version: 10.0.1316 - Symantec Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VeriFace (HKLM\...\VeriFace) (Version: 3.6.0.0730 - Lenovo)
    WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
    Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
    Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
    Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\winhttp.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1226\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\Video2ActiveXWnd.OCX ()
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\RobloxProxy.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\MSMASK32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files\Git\git-cheetah\git_shell_ext.dll ()
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\windows\system32\MSVBVM60.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Utilities\IWMaterials.OCX (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Angie\AppData\Local\Roblox\Versions\version-a730860d440c4e6c\RobloxProxy64.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{defa762b-ebc6-4ce2-a48c-32b232aac64d}\InprocServer32 -> C:\Users\Angie\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Users\Angie\AppData\Local\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
    CustomCLSID: HKU\S-1-5-21-3861706144-2676772620-90763643-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Angie\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
     
    ==================== Restore Points  =========================
     
    24-09-2014 20:55:11 Windows Update
    25-09-2014 01:11:26 Windows Backup
    25-09-2014 07:00:15 Windows Update
    29-09-2014 12:15:10 Windows Backup
    30-09-2014 23:57:48 Windows Update
    02-10-2014 00:01:57 Windows Update
    06-10-2014 21:14:57 Windows Backup
    08-10-2014 01:23:16 Windows Update
    12-10-2014 12:51:02 Installed Java 7 Update 67
    12-10-2014 22:25:03 Revo Uninstaller Pro's restore point - Web Protect for Windows
    12-10-2014 23:02:44 Windows Backup
    14-10-2014 23:01:50 Windows Update
    14-10-2014 23:49:44 Windows Update
    15-10-2014 22:18:46 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 22:04 - 2013-12-19 10:49 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {229F8523-B27B-4BC3-84D5-B0EB3D406E57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432 => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
    Task: {23D2B41E-22AF-4C5A-B248-D8463F4A89F0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {46C23D4D-DAEB-462C-A0CE-A4042D9D5CB2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
    Task: {4E76C36C-97F0-430A-ADB7-EB1CAB5CA9D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6FA06986-0883-40A8-86CD-1C18A05BC695} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
    Task: {A0906B02-D0E8-485C-BBF1-679FDF255A1D} - System32\Tasks\Check Updates for Windows Live Toolbar => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
    Task: {A58FA3DB-B21A-4A56-AF02-A02CD0365B91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
    Task: {B04D33F7-D032-4780-A262-94A1EF9F7700} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4f9ebbfa075c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004Core1cf2c4a16b9c432.job => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3861706144-2676772620-90763643-1004UA1cf6bd8b226d12a.job => C:\Users\Angie\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2011-02-11 21:29 - 2009-12-20 21:42 - 00176235 _____ () C:\windows\System32\Primomonnt.dll
    2009-06-12 16:32 - 2009-06-12 16:32 - 00104456 _____ () C:\windows\system32\EasyHook32.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-10-22 04:46 - 2009-10-22 04:45 - 01410312 _____ () C:\windows\system32\IcnOvrly.dll
    2009-10-22 04:46 - 2009-10-22 04:45 - 00513288 _____ () C:\windows\system32\SimpleExt.dll
    2014-05-23 20:27 - 2014-04-11 14:40 - 00334464 _____ () C:\Program Files\Git\git-cheetah\git_shell_ext.dll
    2009-10-22 04:45 - 2009-10-22 04:45 - 00492808 _____ () C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
    2009-10-22 04:46 - 2008-12-19 23:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
    2009-10-22 04:46 - 2008-12-19 23:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
    2011-04-27 13:22 - 2011-04-27 13:22 - 00031744 _____ () C:\Users\Angie\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
    2011-04-21 11:10 - 2011-04-21 11:10 - 00418304 _____ () C:\Users\Angie\AppData\Local\ATT Connect\Participant\exchndl.dll
    2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2010-12-04 15:00 - 2010-12-04 15:00 - 00067400 _____ () C:\Program Files\ID Vault\IdVaultCore.XmlSerializers.dll
    2009-08-25 04:14 - 2009-01-29 08:26 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
    2009-08-25 04:14 - 2009-01-29 08:27 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
    2009-08-25 04:14 - 2009-01-29 08:27 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
    2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    2014-09-12 11:42 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
    2014-09-12 11:42 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:6017A808
    AlternateDataStreams: C:\ProgramData\Temp:E51234A9
    AlternateDataStreams: C:\Users\Angie\Documents\3rd party auth.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Angie\Documents\3rd party auth.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-3861706144-2676772620-90763643-500 - Administrator - Disabled)
    Angie (S-1-5-21-3861706144-2676772620-90763643-1004 - Administrator - Enabled) => C:\Users\Angie
    Guest (S-1-5-21-3861706144-2676772620-90763643-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3861706144-2676772620-90763643-1005 - Limited - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/19/2014 03:36:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 68713136
     
    Error: (10/19/2014 03:36:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 68713136
     
    Error: (10/19/2014 03:36:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (10/19/2014 03:36:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 68707208
     
    Error: (10/19/2014 03:36:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 68707208
     
    Error: (10/19/2014 03:36:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (10/18/2014 06:59:57 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
     
    Error: (10/18/2014 03:54:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11015636
     
    Error: (10/18/2014 03:54:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11015636
     
    Error: (10/18/2014 03:54:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
     
    System errors:
    =============
    Error: (10/19/2014 03:47:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
     
    Error: (10/19/2014 03:42:59 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {7323885B-407F-4839-9695-96F545FF6286}
     
    Error: (10/19/2014 03:42:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
     
    Error: (10/18/2014 04:10:58 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
     
    Error: (10/18/2014 11:57:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IDVaultSvc service.
     
    Error: (10/17/2014 07:05:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (10/17/2014 07:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UpdaterSvcKlipPal service failed to start due to the following error: 
    %%2
     
    Error: (10/17/2014 06:33:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (10/17/2014 06:32:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UpdaterSvcKlipPal service failed to start due to the following error: 
    %%2
     
    Error: (10/17/2014 06:15:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/11/2013 07:17:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7376 seconds with 3420 seconds of active time.  This session ended with a crash.
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2013-09-06 20:49:34.219
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:33.899
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:33.559
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:33.249
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.955
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.940
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.597
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:32.193
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:31.543
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2013-09-06 20:49:31.223
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\GIDHook.dll because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3032.6 MB
    Available physical RAM: 1323.53 MB
    Total Pagefile: 6063.49 MB
    Available Pagefile: 3789.68 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1914.36 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:187.67 GB) (Free:75.37 GB) NTFS
    Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:0.01 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3FC4B4DF)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
     
    ==================== End Of Log ============================


    #18 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 19 October 2014 - 03:07 PM

    This should take care of it, after the fix post the log and let me know how your system is behaving now ??

     

     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Program Files\Web Protect
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
    Hosts:
    EmptyTemp:
    End
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #19 ambrown2

    ambrown2

      New Member

    • Authentic Member
    • Pip
    • 10 posts

    Posted 20 October 2014 - 06:44 PM

    It worked!! McAfee is no longer popping up alerts and the WebProtect folder was removed from my C drive.  Thank you, thank you!! Now, should I hang on to FRST, Adware Cleaner, Malwarebytes, and Junkware Removal Tool, or can I uninstall them? 

     

    Is there anything in particular, aside from always knowing what is being installed in bundles on my PC and keeping antivirus on, that I should do in order to avoid this problem in the future?

     

    Thanks again!! Angie

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014 01
    Ran by Angie at 2014-10-20 18:45:26 Run:1
    Running from C:\Users\Angie\Desktop
    Loaded Profiles: Angie &  (Available profiles: Angie)
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Program Files\Web Protect
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
    Hosts:
    EmptyTemp:
    End
    *****************
     
    Processes closed successfully.
    C:\windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    C:\Program Files\Web Protect => Moved successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys" => Key deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 2.4 GB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====


    #20 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 20 October 2014 - 09:37 PM

    To answer your questions, first whenever you download and install a software program you need to read read read through what your installing, a lot of people don't and just keep clicking on next during the prompts, as an example when upgrading Java if you don't look and just click next it will install the Ask Toolbar which is not malicious but an inferior one, this gives them more revenue .  If reading the EULA ( End User License Agreement ) it says by installing this software you give us the right to install additional software that's the tip off that your going to get more than you bargained for.

     

    As far as all the tools we used, you can do this

     

    Double click on AdwCleaner.exe to run the tool again.
    •  
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.
     
     
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
    •  
    • Windows XP Double Click DelFix.exe to run the program. 
    • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
    • Place a checkmark next to the following items
     
    •  
    • Activate UAC
    • Remove Disinfection Tools
    • Create registry backup
    • Reset System Settings
     
     
    Click the Run button
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
    ==========================================================
     
     
     
    •  
    How did I get infected in the first place ?    
    Read these links and find out how to prevent getting infected again.
     
     
     
    Safe Surfn
    Ken


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #21 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 22 October 2014 - 11:15 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users