livinspoonful

  1. Woo-hoo! The Malwarebytes scan came back clean this time! Thanks very much for all your help!
  2. ESETSmartInstaller@High as downloader log:
     all ok
     # product=EOS
     # version=8
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.7623
     # api_version=3.0.2
     # EOSSerial=bad0435f4100b44e8d17fe54008401a8
     # engine=19247
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2014-07-18 10:22:31
     # local_time=2014-07-18 03:22:31 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode_1='Microsoft Security Essentials'
     # compatibility_mode=5895 16777213 100 100 8262585 27748545 0 0
     # scanned=137235
     # found=3
     # cleaned=0
     # scan_time=1747
     sh=D3ED9D12CBA4C31E8111BF30A5C82816792065E8 ft=1 fh=7f1e21db35fa14e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000002"
     sh=D3ED9D12CBA4C31E8111BF30A5C82816792065E8 ft=1 fh=7f1e21db35fa14e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Jim\Downloads\Setup (1).exe"
     sh=FE1D03D0353F90A66381986DA797E5E194358D8F ft=1 fh=1a80b7f035fa14e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Jim\Downloads\Setup.exe"
  3. C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000002 a variant of Win32/SoftPulse.H potentially unwanted application
     C:\Users\Jim\Downloads\Setup (1).exe a variant of Win32/SoftPulse.H potentially unwanted application
     C:\Users\Jim\Downloads\Setup.exe a variant of Win32/SoftPulse.H potentially unwanted application
  4. Zoek.exe v5.0.0.0 Updated 16-07-2014 Tool run by Jim on Fri 07/18/2014 at 12:59:37.47. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jim\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 7/18/2014 1:00:31 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3331341093-2676811913-1412392328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully HKEY_USERS\S-1-5-21-3331341093-2676811913-1412392328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully HKEY_CLASSES_ROOT\CLSID\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Jim\.android deleted C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts deleted C:\Users\Jim\Searches deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Jim\gosetup.exe deleted "C:\Windows\Installer\33809355.msi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM] Google Voice Search Hotword (Beta) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Chrome RDP - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch Facebook Customizer 
(by Adblock Plus) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm Appointy - Appointment Scheduler (FREE) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkcdmbbkojlabojdecchcjlonojlname Auto HD For YouTube™ - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak Skype Click to Call - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Todo.ly - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap Beautiful landscape - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ambfimhigppdidfmelpjmojccbfdoeig Chrome RDP - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch Appointy - Appointment Scheduler (FREE) - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fkcdmbbkojlabojdecchcjlonojlname Auto HD For YouTube\u2122 - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak Skype for Chromium - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Todo.ly - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\obhefmbclkekanpjjpkbciloojcmpkap ==== Chrome Fix ====================== C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Reset Google Chrome ====================== C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=15 folders=4 13096837 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Jim\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Jim\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on Fri 07/18/2014 at 13:08:06.16 ======================
  5. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01 Ran by Jim (administrator) on JIM-LAPTOP on 18-07-2014 14:02:39 Running from C:\Users\Jim\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (iAnywhere Solutions, Inc.) C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Citrix Online, a division of Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Akamai Technologies, Inc.) 
C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek) HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3331341093-2676811913-1412392328-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3331341093-2676811913-1412392328-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-03] (Glarysoft Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk ShortcutTarget: AddonNP.lnk -> C:\Program Files (x86)\NewPlayer\AddonNP.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) 
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D9D2F6402B8CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25 FireFox: ======== FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-12] CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22] CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-12] CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-12] CHR Extension: (Skype Click to Call) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-12] CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12] CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-12] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] ==================== Services (Whitelisted) ================= R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 FedExAdminService; C:\Program 
Files (x86)\FedEx\ShipManager\BIN\AdminService.exe [24576 2013-07-24] () [File not signed] R2 FedExLoggingService; C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [7168 2013-07-24] (FedEx Corporation) [File not signed] R2 FedExShipnetDBService; C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe [141176 2013-07-24] (iAnywhere Solutions, Inc.) R3 FedExShipService; C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe [5120 2013-07-24] (FedEx Corporation) [File not signed] R3 FedExTransactionService; C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe [6656 2013-07-24] (FedEx Corporation) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [56704 2012-09-11] (ASUS Corporation) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-02] (Glarysoft Ltd) R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-03] (Glarysoft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) 
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-02-09] (Synaptics Incorporated) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-18 14:02 - 2014-07-18 14:02 - 00000000 ____D () C:\Users\Jim\Desktop\FRST-OlderVersion 2014-07-18 13:07 - 2014-07-18 13:07 - 00000000 ____D () C:\Users\Jim\.android 2014-07-18 13:07 - 2014-07-18 12:59 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-07-18 13:00 - 2014-07-18 13:08 - 00007900 _____ () C:\zoek-results.log 2014-07-18 12:59 - 2014-07-18 13:07 - 00000000 ____D () C:\zoek_backup 2014-07-18 12:59 - 2014-07-18 12:59 - 01287168 _____ () C:\Users\Jim\Desktop\zoek.exe 2014-07-18 12:58 - 2014-07-18 12:58 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner (1).exe 2014-07-18 12:55 - 2014-07-18 12:56 - 00000000 ____D () C:\AdwCleaner 2014-07-18 12:55 - 2014-07-18 12:55 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner.exe 2014-07-18 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-11 22:20 - 2014-07-11 22:23 - 00030238 _____ () C:\Users\Jim\Desktop\Addition.txt 2014-07-11 22:19 - 2014-07-18 14:02 - 00018368 _____ () C:\Users\Jim\Desktop\FRST.txt 2014-07-11 22:19 - 2014-07-18 14:02 - 00000000 ____D () C:\FRST 2014-07-11 22:18 - 2014-07-18 14:02 - 02086912 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe 2014-07-11 13:42 - 2014-07-11 13:42 - 00006848 _____ () C:\Users\Jim\Desktop\fedex archive.txt 2014-07-10 13:33 - 2014-07-10 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-07-09 23:32 - 2014-07-09 23:32 - 01086104 _____ () C:\Users\Jim\Downloads\Setup (1).exe 2014-07-09 23:28 - 2014-07-09 23:28 - 00003130 _____ () C:\Windows\System32\Tasks\{96E6DA42-8CAB-438B-ABEA-2C8B4C778EBB} 2014-07-09 23:25 - 2014-07-09 23:25 - 00003122 _____ () C:\Windows\System32\Tasks\{16008FBF-A6A6-4591-8367-3B251C03EE22} 2014-07-09 23:21 - 2014-07-09 
23:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\com 2014-07-09 23:18 - 2014-07-09 23:18 - 01086104 _____ () C:\Users\Jim\Downloads\Setup.exe 2014-07-09 08:45 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 08:45 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 08:45 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 08:45 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 08:45 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 08:45 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 08:45 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 08:45 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 08:45 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 08:45 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 08:45 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 08:45 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 08:45 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 08:44 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 08:44 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 08:44 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 08:44 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 
08:44 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 08:44 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 08:44 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 08:44 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 08:44 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 08:44 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 08:44 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 08:44 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 08:44 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 08:44 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 08:44 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 08:44 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 08:44 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 08:44 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 08:44 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 08:44 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 08:44 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 08:44 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2014-07-09 08:44 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 08:44 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 08:44 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 08:44 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 08:44 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 08:44 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 08:44 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 08:44 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 08:44 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 08:44 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 08:44 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 08:44 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 08:44 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 08:44 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 08:44 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 08:44 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 08:44 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 08:44 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 08:44 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 08:44 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 08:44 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 08:44 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 08:44 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 08:44 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 08:44 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 08:44 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 08:44 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 08:44 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 08:44 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 08:44 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 08:44 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 08:44 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 08:44 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 08:44 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 08:44 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 08:44 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2014-07-09 08:44 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 08:44 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 08:44 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 08:44 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 08:44 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 08:44 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 08:44 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 08:43 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 08:43 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 08:43 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-09 08:37 - 2014-07-18 13:07 - 00139100 _____ () C:\Windows\PFRO.log 2014-07-09 08:37 - 2014-07-18 13:07 - 00001770 _____ () C:\Windows\setupact.log 2014-07-09 08:37 - 2014-07-09 08:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList 2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieSiteList 2014-07-08 19:00 - 2014-07-08 19:00 - 12897216 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Jim\Downloads\gosetup.exe 2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix 2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-07-08 19:00 - 2014-01-30 08:37 - 00131416 _____ (Citrix Online, a division of Citrix Systems, Inc.) 
C:\Windows\system32\gotomon_x64.dll 2014-07-08 19:00 - 2014-01-30 08:23 - 00034960 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\monblanking.sys 2014-07-08 12:00 - 2014-07-08 12:00 - 00000000 ____D () C:\Users\Jim\AppData\Local\Citrix 2014-07-07 19:40 - 2014-07-10 19:45 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\crawl 2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Crawl Stone Soup 2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\Program Files (x86)\Crawl 2014-07-07 19:39 - 2014-07-07 19:40 - 13328668 _____ () C:\Users\Jim\Desktop\stone_soup-0.14.1-win32-installer.exe 2014-07-07 17:06 - 2014-07-07 17:06 - 00347816 _____ (Microsoft Corporation) C:\Users\Jim\Desktop\MicrosoftFixit.Printing.Run.exe 2014-07-07 16:49 - 2009-12-07 09:41 - 00023552 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPM64S.dll 2014-07-07 16:49 - 2009-12-07 09:41 - 00020480 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPM64U.dll 2014-07-07 16:47 - 2014-07-07 16:47 - 00000000 ____D () C:\ZebraDriver 2014-07-07 16:46 - 2014-07-07 16:47 - 11177984 _____ () C:\Users\Jim\Desktop\ZebraFedEx_driver_4500_self_extracting15.exe 2014-07-07 16:29 - 2014-07-07 16:29 - 00002202 _____ () C:\Users\Public\Desktop\Help Me FedEx.lnk 2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FedEx Ship Manager 2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\Program Files (x86)\FedEx 2014-07-07 16:15 - 2014-07-07 16:26 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Desktop\FedExShipManager_2704.exe 2014-07-07 11:21 - 2014-07-07 11:21 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information 2014-07-07 11:20 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAH.DLL 2014-07-07 11:20 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) 
C:\Windows\system32\CNC8100L.dll 2014-07-07 11:20 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC8100L.dll 2014-07-07 11:20 - 2010-03-18 19:01 - 00059232 _____ () C:\Windows\SysWOW64\CNC8100W.DAT 2014-07-07 11:20 - 2010-03-18 19:01 - 00059232 _____ () C:\Windows\system32\CNC8100W.DAT 2014-07-07 11:20 - 2010-03-18 17:13 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC8100C.dll 2014-07-07 11:20 - 2010-03-18 17:13 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC8100I.dll 2014-07-07 11:20 - 2010-03-18 17:11 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC8100U.dll 2014-07-07 11:20 - 2010-03-16 08:49 - 00016128 _____ () C:\Windows\SysWOW64\CNC174BD.TBL 2014-07-07 11:20 - 2010-03-16 08:49 - 00016128 _____ () C:\Windows\system32\CNC174BD.TBL 2014-07-07 11:20 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll 2014-07-07 11:20 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll 2014-07-07 11:05 - 2014-07-07 11:05 - 00000000 ____D () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN 2014-07-07 11:04 - 2014-07-07 11:04 - 16850048 _____ () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN.exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center 2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-07-07 10:10 - 2014-07-10 16:01 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.SearchIndex 2014-07-07 10:09 - 2014-07-10 19:38 - 170823680 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW 2014-07-07 10:09 - 2014-07-10 19:38 - 00000346 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.ND 2014-07-07 10:09 - 2014-07-07 10:09 - 00000387 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.DSN 2014-07-04 08:28 - 2014-07-04 08:28 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-07-04 08:28 - 2014-07-04 08:28 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-07-04 08:28 - 2014-07-04 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-07-04 08:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-07-03 09:45 - 2014-07-03 09:45 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Jim\Downloads\Spybot_Search_Destroy_v2.4.exe 2014-07-03 08:12 - 2014-07-03 08:12 - 14122128 _____ () C:\Users\Jim\Downloads\Glary_Utilities_Pro_v5.3.0.8.exe 2014-07-01 15:36 - 2014-07-01 15:36 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc - Images 2014-07-01 14:12 - 2014-07-10 10:01 - 00000000 ____D () C:\Users\Jim\Desktop\QuickBooksAutoDataRecovery 2014-07-01 14:12 - 2014-07-01 14:12 - 00000496 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.lgb 2014-07-01 13:47 - 2014-07-01 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks 2014-07-01 13:47 - 2012-01-05 12:43 - 04218880 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll 2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\Users\Public\Documents\Intuit 2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\ProgramData\Nuance 2014-07-01 13:36 - 2014-07-01 13:41 - 564385456 _____ (Intuit, Inc. ) C:\Users\Jim\Desktop\QuickBooksPro2014.exe 2014-07-01 13:36 - 2014-07-01 13:41 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Download Manager 2014-07-01 13:21 - 2014-07-01 13:23 - 00000000 ____D () C:\Users\Jim\Desktop\DownloadQB21 2014-07-01 13:20 - 2014-07-10 19:38 - 14942208 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.TLG 2014-07-01 13:20 - 2014-07-07 10:09 - 00000416 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.ND 2014-07-01 13:20 - 2014-07-07 10:09 - 00000000 ____D () C:\Users\Jim\Desktop\Restored_Livin Spoonful, Inc_Files 2014-07-01 13:20 - 2014-07-01 15:01 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11 2014-06-19 10:27 - 2014-06-19 10:27 - 00000000 ____D () C:\Program Files\VideoLAN 2014-06-19 09:44 - 2014-06-19 09:44 - 25055851 _____ () C:\Users\Jim\Downloads\VLC_Media_Player_(64bit)_v2.1.4.exe 2014-06-19 09:07 - 2014-06-19 09:07 - 18583216 _____ (Adobe Systems Incorporated) C:\Users\Jim\Downloads\Adobe_Flash_Player_(IE)_v14.0.0.125.exe 2014-06-18 17:01 - 2014-07-07 16:29 - 00000000 
____D () C:\ProgramData\FedEx
2014-06-18 16:25 - 2014-06-18 16:37 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Downloads\FedExShipManager_2704.exe
2014-06-18 09:09 - 2014-06-18 09:09 - 13743624 _____ () C:\Users\Jim\Downloads\gup5setup.exe

==================== One Month Modified Files and Folders =======

2014-07-18 14:02 - 2014-07-18 14:02 - 00000000 ____D () C:\Users\Jim\Desktop\FRST-OlderVersion
2014-07-18 14:02 - 2014-07-11 22:19 - 00018368 _____ () C:\Users\Jim\Desktop\FRST.txt
2014-07-18 14:02 - 2014-07-11 22:19 - 00000000 ____D () C:\FRST
2014-07-18 14:02 - 2014-07-11 22:18 - 02086912 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2014-07-18 14:02 - 2013-09-22 18:51 - 00000000 ____D () C:\Users\Jim
2014-07-18 13:51 - 2013-11-06 13:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 13:42 - 2013-09-22 19:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 13:29 - 2014-05-10 08:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 13:15 - 2009-07-13 21:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 13:15 - 2009-07-13 21:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 13:14 - 2009-07-13 22:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 13:11 - 2013-09-22 17:35 - 01800515 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 13:08 - 2014-07-18 13:00 - 00007900 _____ () C:\zoek-results.log
2014-07-18 13:08 - 2014-05-22 08:38 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-07-18 13:08 - 2014-05-22 08:38 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-07-18 13:08 - 2013-11-27 15:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\HTC MediaHub
2014-07-18 13:07 - 2014-07-18 13:07 - 00000000 ____D () C:\Users\Jim\.android
2014-07-18
13:07 - 2014-07-18 12:59 - 00000000 ____D () C:\zoek_backup 2014-07-18 13:07 - 2014-07-09 08:37 - 00139100 _____ () C:\Windows\PFRO.log 2014-07-18 13:07 - 2014-07-09 08:37 - 00001770 _____ () C:\Windows\setupact.log 2014-07-18 13:07 - 2013-09-22 19:13 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-18 13:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-18 12:59 - 2014-07-18 13:07 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-07-18 12:59 - 2014-07-18 12:59 - 01287168 _____ () C:\Users\Jim\Desktop\zoek.exe 2014-07-18 12:58 - 2014-07-18 12:58 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner (1).exe 2014-07-18 12:56 - 2014-07-18 12:55 - 00000000 ____D () C:\AdwCleaner 2014-07-18 12:55 - 2014-07-18 12:55 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner.exe 2014-07-13 22:22 - 2013-11-27 23:16 - 00000000 ____D () C:\Users\Jim\Desktop\Sue's Mac Files 2014-07-12 08:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help 2014-07-11 22:23 - 2014-07-11 22:20 - 00030238 _____ () C:\Users\Jim\Desktop\Addition.txt 2014-07-11 13:42 - 2014-07-11 13:42 - 00006848 _____ () C:\Users\Jim\Desktop\fedex archive.txt 2014-07-10 22:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-07-10 19:45 - 2014-07-07 19:40 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\crawl 2014-07-10 19:38 - 2014-07-07 10:09 - 170823680 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW 2014-07-10 19:38 - 2014-07-07 10:09 - 00000346 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.ND 2014-07-10 19:38 - 2014-07-01 13:20 - 14942208 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.TLG 2014-07-10 16:01 - 2014-07-07 10:10 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.SearchIndex 2014-07-10 13:41 - 2014-03-23 22:00 - 00000000 ____D () C:\Users\Jim\AppData\Local\Windows Live 2014-07-10 13:33 - 2014-07-10 13:33 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-07-10 10:01 - 2014-07-01 14:12 - 00000000 ____D () C:\Users\Jim\Desktop\QuickBooksAutoDataRecovery 2014-07-10 09:05 - 2013-09-24 18:34 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini 2014-07-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 03:18 - 2009-07-13 21:45 - 00306896 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-10 03:17 - 2014-05-05 22:21 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 03:17 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss 2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing 2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 03:01 - 2013-09-26 12:09 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-10 03:01 - 2013-09-26 12:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 23:32 - 2014-07-09 23:32 - 01086104 _____ () C:\Users\Jim\Downloads\Setup (1).exe 2014-07-09 23:29 - 2014-06-12 20:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-07-09 23:28 - 2014-07-09 23:28 - 00003130 _____ () C:\Windows\System32\Tasks\{96E6DA42-8CAB-438B-ABEA-2C8B4C778EBB} 2014-07-09 23:25 - 2014-07-09 23:25 - 00003122 _____ () C:\Windows\System32\Tasks\{16008FBF-A6A6-4591-8367-3B251C03EE22} 2014-07-09 23:21 - 2014-07-09 23:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\com 2014-07-09 23:18 - 2014-07-09 23:18 - 01086104 _____ () C:\Users\Jim\Downloads\Setup.exe 2014-07-09 08:37 - 2014-07-09 08:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-08 21:33 - 2013-09-22 18:28 - 00000000 ____D () C:\Windows\Panther 2014-07-08 19:26 - 2013-12-13 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled 2014-07-08 19:02 - 2014-07-08 
19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList 2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieSiteList 2014-07-08 19:00 - 2014-07-08 19:00 - 12897216 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Jim\Downloads\gosetup.exe 2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix 2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-07-08 19:00 - 2013-09-23 22:03 - 00000000 ____D () C:\Program Files\DIFX 2014-07-08 12:00 - 2014-07-08 12:00 - 00000000 ____D () C:\Users\Jim\AppData\Local\Citrix 2014-07-08 11:51 - 2013-11-06 13:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 11:51 - 2013-11-06 13:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 11:51 - 2013-11-06 13:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Crawl Stone Soup 2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\Program Files (x86)\Crawl 2014-07-07 19:40 - 2014-07-07 19:39 - 13328668 _____ () C:\Users\Jim\Desktop\stone_soup-0.14.1-win32-installer.exe 2014-07-07 17:06 - 2014-07-07 17:06 - 00347816 _____ (Microsoft Corporation) C:\Users\Jim\Desktop\MicrosoftFixit.Printing.Run.exe 2014-07-07 17:06 - 2013-09-22 19:13 - 00069496 _____ () C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-07 16:47 - 2014-07-07 16:47 - 00000000 ____D () C:\ZebraDriver 2014-07-07 16:47 - 2014-07-07 16:46 - 11177984 _____ () C:\Users\Jim\Desktop\ZebraFedEx_driver_4500_self_extracting15.exe 2014-07-07 16:29 - 2014-07-07 16:29 - 00002202 _____ () C:\Users\Public\Desktop\Help Me FedEx.lnk 2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FedEx 
Ship Manager 2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\Program Files (x86)\FedEx 2014-07-07 16:29 - 2014-06-18 17:01 - 00000000 ____D () C:\ProgramData\FedEx 2014-07-07 16:26 - 2014-07-07 16:15 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Desktop\FedExShipManager_2704.exe 2014-07-07 11:21 - 2014-07-07 11:21 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information 2014-07-07 11:20 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media 2014-07-07 11:05 - 2014-07-07 11:05 - 00000000 ____D () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN 2014-07-07 11:04 - 2014-07-07 11:04 - 16850048 _____ () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN.exe 2014-07-07 10:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-07 10:53 - 2014-07-07 10:53 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center 2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-07-07 10:09 - 2014-07-07 10:09 - 00000387 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.DSN 2014-07-07 10:09 - 2014-07-01 13:20 - 00000416 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.ND 2014-07-07 10:09 - 2014-07-01 13:20 - 00000000 ____D 
() C:\Users\Jim\Desktop\Restored_Livin Spoonful, Inc_Files 2014-07-04 08:32 - 2014-02-21 10:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-07-04 08:28 - 2014-07-04 08:28 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-07-04 08:28 - 2014-07-04 08:28 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-07-04 08:28 - 2014-07-04 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-07-04 08:28 - 2013-09-22 22:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-03 09:45 - 2014-07-03 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jim\Downloads\Spybot_Search_Destroy_v2.4.exe 2014-07-03 08:26 - 2014-05-22 08:38 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2014-07-03 08:26 - 2014-05-22 08:38 - 00002972 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2014-07-03 08:26 - 2014-05-22 08:38 - 00002624 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2014-07-03 08:26 - 2014-05-22 08:38 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-07-03 08:12 - 2014-07-03 08:12 - 14122128 _____ () C:\Users\Jim\Downloads\Glary_Utilities_Pro_v5.3.0.8.exe 2014-07-01 15:52 - 2013-11-06 11:30 - 00002044 _____ () C:\Users\Jim\Documents\gpfax.adr 2014-07-01 15:52 - 2013-11-06 11:30 - 00000024 _____ () C:\Users\Jim\Documents\gpfax.idx 2014-07-01 15:36 - 2014-07-01 15:36 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc - Images 2014-07-01 15:01 - 2014-07-01 13:20 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11 2014-07-01 14:12 - 2014-07-01 14:12 - 00000496 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.lgb 2014-07-01 13:54 - 2013-09-24 18:35 - 00000000 ____D () C:\Users\Jim\AppData\Local\Intuit 2014-07-01 13:54 - 2013-09-24 18:33 - 00000000 ____D () C:\Windows\Intuit 2014-07-01 13:47 - 2014-07-01 13:47 
- 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks 2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\Users\Public\Documents\Intuit 2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\ProgramData\Nuance 2014-07-01 13:45 - 2013-09-24 18:34 - 00000000 ____D () C:\ProgramData\Intuit 2014-07-01 13:45 - 2013-09-24 18:34 - 00000000 ____D () C:\Program Files (x86)\Intuit 2014-07-01 13:41 - 2014-07-01 13:36 - 564385456 _____ (Intuit, Inc. ) C:\Users\Jim\Desktop\QuickBooksPro2014.exe 2014-07-01 13:41 - 2014-07-01 13:36 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Download Manager 2014-07-01 13:23 - 2014-07-01 13:21 - 00000000 ____D () C:\Users\Jim\Desktop\DownloadQB21 2014-06-29 19:09 - 2014-07-09 08:45 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 19:04 - 2014-07-09 08:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-25 21:56 - 2014-02-08 21:19 - 00068704 _____ () C:\Users\Jim\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-06-20 19:37 - 2013-09-22 19:13 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 19:37 - 2013-09-22 19:13 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-20 13:14 - 2014-07-09 08:44 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 12:39 - 2014-07-09 08:44 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-19 10:27 - 2014-06-19 10:27 - 00000000 ____D () C:\Program Files\VideoLAN 2014-06-19 09:44 - 2014-06-19 09:44 - 25055851 _____ () C:\Users\Jim\Downloads\VLC_Media_Player_(64bit)_v2.1.4.exe 2014-06-19 09:07 - 2014-06-19 09:07 - 18583216 _____ (Adobe Systems Incorporated) C:\Users\Jim\Downloads\Adobe_Flash_Player_(IE)_v14.0.0.125.exe 2014-06-18 18:39 - 2014-07-09 08:44 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-18 18:06 - 2014-07-09 08:44 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.tlb 2014-06-18 18:06 - 2014-07-09 08:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-18 17:48 - 2014-07-09 08:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-18 17:42 - 2014-07-09 08:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-18 17:42 - 2014-07-09 08:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-18 17:41 - 2014-07-09 08:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-18 17:41 - 2014-07-09 08:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-18 17:32 - 2014-07-09 08:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-18 17:31 - 2014-07-09 08:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-18 17:26 - 2014-07-09 08:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-18 17:24 - 2014-07-09 08:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-18 17:24 - 2014-07-09 08:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-18 17:23 - 2014-07-09 08:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-18 17:16 - 2014-07-09 08:44 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-18 17:14 - 2014-07-09 08:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-18 17:09 - 2014-07-09 08:44 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-18 16:59 - 2014-07-09 08:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 16:56 - 2014-07-09 08:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-18 16:53 - 2014-07-09 08:44 - 
00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-18 16:51 - 2014-07-09 08:44 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-18 16:50 - 2014-07-09 08:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-18 16:48 - 2014-07-09 08:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-18 16:39 - 2014-07-09 08:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-18 16:38 - 2014-07-09 08:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-18 16:37 - 2014-07-09 08:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-18 16:37 - 2014-06-18 16:25 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Downloads\FedExShipManager_2704.exe 2014-06-18 16:36 - 2014-07-09 08:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-18 16:35 - 2014-07-09 08:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-18 16:33 - 2014-07-09 08:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-18 16:32 - 2014-07-09 08:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-18 16:28 - 2014-07-09 08:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-18 16:28 - 2014-07-09 08:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-18 16:27 - 2014-07-09 08:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-18 16:27 - 2014-07-09 08:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-18 16:25 - 2014-07-09 08:44 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-18 16:23 - 2014-07-09 08:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-18 16:22 - 2014-07-09 08:44 - 
00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-18 16:12 - 2014-07-09 08:44 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-18 16:06 - 2014-07-09 08:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-18 16:01 - 2014-07-09 08:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-18 15:59 - 2014-07-09 08:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-18 15:58 - 2014-07-09 08:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-18 15:58 - 2014-07-09 08:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-18 15:52 - 2014-07-09 08:44 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-18 15:51 - 2014-07-09 08:44 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-18 15:49 - 2014-07-09 08:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-18 15:46 - 2014-07-09 08:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-18 15:45 - 2014-07-09 08:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-18 15:35 - 2014-07-09 08:44 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-18 15:34 - 2014-07-09 08:44 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-18 15:15 - 2014-07-09 08:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-18 15:13 - 2014-07-09 08:44 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-18 15:09 - 2014-07-09 08:44 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-18 15:07 - 2014-07-09 08:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 09:09 - 2014-06-18 09:09 - 
13743624 _____ () C:\Users\Jim\Downloads\gup5setup.exe 2014-06-18 08:48 - 2014-06-05 08:35 - 00000234 _____ () C:\BackupLoader.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 10:02 ==================== End Of Log ============================
  6. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/18/2014 Scan Time: 1:39:43 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.18.08 Rootkit Database: v2014.07.17.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Jim Scan Type: Threat Scan Result: Completed Objects Scanned: 279746 Time Elapsed: 5 min, 0 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  7. # AdwCleaner v3.216 - Report created 18/07/2014 at 12:56:21 # Updated 17/07/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Jim - JIM-LAPTOP # Running from : C:\Users\Jim\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : globalUpdate [#] Service Deleted : globalUpdatem ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer Folder Deleted : C:\Program Files (x86)\predm Folder Deleted : C:\Users\Jim\AppData\Local\globalUpdate Folder Deleted : C:\Users\Jim\AppData\Roaming\Activeris File Deleted : C:\END File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\Jim\Desktop\Continue VuuPC Installation.lnk File Deleted : C:\Users\Jim\Desktop\NewPlayer.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\installedbrowserextensions Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\TutoTag Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\GlobalUpdate Key Deleted : HKLM\Software\installedbrowserextensions Key Deleted : HKLM\Software\NewPlayer Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [startup_urls] : hxxps://mail.google.com/mail/ca/u/0/#inbox Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325277&octid=EB_ORIGINAL_CTID&ISID=M8F6ECD14-4E5E-4749-9C06-BCAEA8866F5D&SearchSource=55&CUI=&UM=2&UP=SP3DC2F962-4CFB-49DA-90FA-3245771B5F94&SSPV=SE3NTPBGF_sp_ch Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [3886 octets] - [18/07/2014 12:55:36] AdwCleaner[s0].txt - [3685 octets] - [18/07/2014 12:56:21] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3745 octets] ##########
  8. Malwarebytes Anti-Malware www.malwarebytes.org Protection, 7/18/2014 9:23:35 AM, SYSTEM, JIM-LAPTOP, Protection, Malicious Website Protection, Starting, Protection, 7/18/2014 9:23:43 AM, SYSTEM, JIM-LAPTOP, Protection, Malicious Website Protection, Started, Protection, 7/18/2014 9:24:30 AM, SYSTEM, JIM-LAPTOP, Protection, Malware Protection, Starting, Protection, 7/18/2014 9:24:30 AM, SYSTEM, JIM-LAPTOP, Protection, Malware Protection, Started, (end) This is the most recent log I could find in the history tab.
  9. I have Malwarebytes Premium, but it doesn't seem to be taking care of it. After I quarantine, the PUP shows up again and again. And it typically takes about 5 minutes for the quarantine action to complete... just for this one PUP. Addition.txt FRST.txt