
Unable to remove Shopper PRO, YT Downloader, etc. via HiJackThis


26 replies to this topic

#1 rbzo

rbzo

  • Members
  • 18 posts

Posted 09 July 2014 - 07:48 PM

Hello,

 

I humbly beseech you to help me rid my PC of the aforementioned Malware!

 

I've run Malwarebytes Premium, Spybot, Hijackthis! and even Should I remove them, but to no avail.

 

The ShopperPro BHO is especially a pain and refuses to be removed in HJT. 

 

As per protocol, I will not run ComboFix until instructed to do so. 

 

Any help is appreciated!

 

My last HJT log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:21:21 PM, on 7/9/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49238;https=127.0.0.1:49238
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
O4 - Global Startup: Appupdater Tray Notification Icon.lnk = C:\Program Files (x86)\Appupdater\appupdatert.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Search Module Update (SMUpd) - Search Module Ltd. - C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: ShopperPro Update (SPBIUpd) - ShopperPro - C:\Program Files\Common Files\ShopperPro\spbiu.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9435 bytes
 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2014 - 08:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2014 - 07:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 July 2014 - 06:41 AM

This topic has been re-opened at the request of the person who originally posted.

#5 rbzo

rbzo
  • Topic Starter

  • Members
  • 18 posts

Posted 31 July 2014 - 04:45 PM

Nasdaq,

 

Thanks again for reopening this topic.

 

Here is the log file for Adw Cleaner: 

 

# AdwCleaner v3.301 - Report created 28/07/2014 at 14:08:33
# Updated 28/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : ********
# Running from : C:\Users\James\Downloads\adwcleaner_3.301.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 70e6ca8c
[#] Service Deleted : Appupdater
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : netfilter64
Service Deleted : sbmntr
Service Deleted : SMUpd
Service Deleted : SMUpdd
Service Deleted : SPBIUpd
Service Deleted : SPBIUpdd
Service Deleted : webinstr
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Appupdater
Folder Deleted : C:\Program Files (x86)\Appupdater
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\PassShow-soft
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\YTDownloader
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\James\AppData\Local\globalUpdate
Folder Deleted : C:\Users\James\AppData\Roaming\PC Health Kit
Folder Deleted : C:\Users\James\AppData\Roaming\SupTab
Folder Deleted : C:\Users\James\AppData\Roaming\Systweak
Folder Deleted : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\James\Documents\PC Health Kit
Folder Deleted : C:\Users\Public\Documents\ShopperPro
File Deleted : C:\WINDOWS\System32\drivers\netfilter64.sys
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\WINDOWS\System32\sasnative64.exe
File Deleted : C:\Users\James\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\James\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AppUpdater
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\InstalledBrowserExtensions
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppUpdater
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://www-search.net/?pid=s
Deleted [Homepage] : hxxp://www-search.net/?pid=s
 
*************************
 
AdwCleaner[R0].txt - [10753 octets] - [28/07/2014 14:05:23]
AdwCleaner[S0].txt - [10730 octets] - [28/07/2014 14:08:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10791 octets] ##########
 
 
 
And here is the log for Farbar: 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by James (administrator) on ******FAMILY on 28-07-2014 14:33:05
Running from C:\Users\James\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-358060547-1129748777-2863471372-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-358060547-1129748777-2863471372-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
ShortcutTarget: Appupdater Tray Notification Icon.lnk -> C:\Program Files (x86)\Appupdater\appupdatert.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:49238;https=127.0.0.1:49238
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKCU\...\Firefox\Extensions: [{BF94EC22-F463-E3AD-5AD5-4FFD4E85D2AD}] - C:\Program Files (x86)\-Re-MarkableS\174.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-01]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (WOT) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-03]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-01]
CHR Extension: (Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-06-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-06] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-06] (Microsoft Corporation)
S2 SPDRIVER_1.37.1.189; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 14:33 - 2014-07-28 14:33 - 00012362 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-28 14:28 - 2014-07-28 14:33 - 00000000 ____D () C:\FRST
2014-07-28 14:27 - 2014-07-28 14:27 - 02093568 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2014-07-28 14:14 - 2014-07-28 14:14 - 00010912 _____ () C:\Users\James\Desktop\AdwCleaner[S0]POSTREBOOT.txt
2014-07-28 14:08 - 2014-07-28 14:08 - 00010753 _____ () C:\Users\James\Desktop\AdwCleaner[R0].txt
2014-07-28 14:05 - 2014-07-28 14:09 - 00000000 ____D () C:\AdwCleaner
2014-07-28 14:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-28 14:03 - 2014-07-28 14:03 - 01365551 _____ () C:\Users\James\Downloads\adwcleaner_3.301.exe
2014-07-09 18:04 - 2014-07-09 18:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 18:02 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 17:29 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 17:29 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 17:29 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 17:29 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 17:29 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 17:29 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 17:29 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 17:29 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 17:29 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 17:29 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 17:29 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 17:29 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 17:29 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 17:29 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 17:29 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 17:29 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 17:29 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 17:29 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 17:29 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 17:29 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 17:29 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 17:29 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 17:29 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 17:29 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 17:29 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 17:29 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 17:29 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 17:29 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 17:29 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 17:29 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 17:29 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 17:29 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 17:29 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 17:28 - 2014-06-30 15:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 17:28 - 2014-06-28 00:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 17:28 - 2014-06-28 00:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 17:28 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 17:28 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 17:28 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 17:28 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 17:28 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 17:28 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 17:28 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:28 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 17:28 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 17:28 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:28 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 17:28 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 17:28 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 17:28 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 17:28 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 17:28 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 17:28 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 17:22 - 2014-07-09 17:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 17:17 - 2014-07-28 14:10 - 00013006 _____ () C:\WINDOWS\PFRO.log
2014-07-09 17:05 - 2014-07-09 17:05 - 00003792 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMScan
2014-07-09 17:05 - 2014-07-09 17:05 - 00003784 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMUpdater
2014-07-09 17:05 - 2014-07-09 17:05 - 00003780 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMRules
2014-07-09 17:05 - 2014-07-09 17:05 - 00000000 ____D () C:\Users\James\Downloads\Driver Support
2014-07-09 17:05 - 2014-07-09 17:05 - 00000000 ____D () C:\ProgramData\UAB
2014-07-09 17:04 - 2014-07-09 17:04 - 00003474 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMScanRunOnce
2014-07-09 17:04 - 2014-07-09 17:04 - 00002284 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\Users\James\AppData\Local\PC_Drivers_Headquarters
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-09 17:01 - 2014-07-09 17:01 - 00003106 _____ () C:\WINDOWS\System32\Tasks\{0285F949-915D-4CC2-98CD-A11874FDEFE7}
2014-07-09 16:57 - 2014-07-28 14:14 - 00001472 _____ () C:\WINDOWS\Tasks\79144690-fc61-4553-b29f-2562b733b76c-5_user.job
2014-07-09 16:53 - 2014-07-09 17:03 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-07-09 16:52 - 2014-07-09 16:54 - 00000155 _____ () C:\WINDOWS\Reimage.ini
2014-07-09 16:52 - 2014-07-09 16:52 - 00929416 _____ (CNET Download.com) C:\Users\James\Downloads\cbsidlm-cbsi188-Should_I_Remove_It-SEO-75834044.exe
2014-07-09 16:37 - 2014-07-28 14:22 - 00837717 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-09 15:57 - 2014-07-09 15:57 - 00002242 _____ () C:\Users\Arbizo Family\Desktop\Google Chrome.lnk
2014-07-09 15:57 - 2014-07-09 15:57 - 00001449 _____ () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Roaming\Adobe
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Local\VirtualStore
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Local\Packages
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Local\Google
2014-07-09 15:56 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family
2014-07-09 15:56 - 2014-07-09 15:56 - 00000020 ___SH () C:\Users\Arbizo Family\ntuser.ini
2014-07-09 15:56 - 2014-06-06 16:54 - 00000000 ___RD () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-09 15:56 - 2014-06-06 16:11 - 00000000 ____D () C:\Users\Arbizo Family\Documents\hp.system.package.metadata
2014-07-09 15:56 - 2014-03-18 03:33 - 00000000 ___RD () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 15:56 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-09 15:56 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-09 15:56 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-09 15:56 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-03 18:05 - 2014-07-03 18:05 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{9D6D3B35-2AC3-4776-8E17-A55B79454CAC}
2014-07-03 17:50 - 2014-07-03 17:50 - 00003454 _____ () C:\WINDOWS\wininit.ini
2014-07-03 17:47 - 2014-07-03 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:46 - 2014-07-03 17:47 - 04812672 _____ (Piriform Ltd) C:\Users\James\Downloads\ccsetup415.exe
2014-07-03 17:45 - 2014-07-09 16:59 - 00000000 ____D () C:\Users\James\Desktop\Internet Protection
2014-07-03 17:12 - 2014-07-03 17:12 - 01402880 _____ () C:\Users\James\Downloads\HijackThis.msi
2014-07-03 17:12 - 2014-07-03 17:12 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-03 17:12 - 2014-07-03 17:12 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-03 17:03 - 2014-07-03 17:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-03 17:02 - 2014-07-03 17:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-03 17:02 - 2014-07-03 17:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-03 17:02 - 2014-07-03 17:02 - 00001370 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-03 17:02 - 2014-07-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-03 17:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-07-03 17:01 - 2014-07-03 17:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\James\Downloads\spybot-2.4.exe
2014-07-03 16:24 - 2014-07-03 16:24 - 00003100 _____ () C:\WINDOWS\System32\Tasks\{301E7366-9B9D-40E5-91B5-1C093DF41BC2}
2014-07-03 13:57 - 2014-07-28 14:14 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 13:57 - 2014-07-03 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 13:57 - 2014-07-03 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 13:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-03 13:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-03 13:54 - 2014-07-03 13:54 - 00003136 _____ () C:\WINDOWS\System32\Tasks\{27BA6EB2-5DF9-4221-84CD-47927A47DF00}
2014-07-01 14:32 - 2014-07-03 12:41 - 00000000 ____D () C:\Users\James\AppData\Local\LogMeIn Rescue Applet
2014-07-01 14:32 - 2014-07-01 14:32 - 01529152 _____ (LogMeIn, Inc.) C:\Users\James\Downloads\Support-LogMeInRescue.exe
2014-07-01 14:32 - 2014-07-01 14:32 - 01529152 _____ (LogMeIn, Inc.) C:\Users\James\Downloads\Support-LogMeInRescue (1).exe
2014-07-01 14:17 - 2014-07-03 13:28 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2014-07-01 14:17 - 2014-07-03 13:28 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2014-07-01 14:17 - 2014-07-01 15:05 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2014-07-01 14:17 - 2014-07-01 14:23 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2014-07-01 14:17 - 2014-07-01 14:23 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2014-07-01 14:17 - 2014-07-01 14:23 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2014-07-01 14:17 - 2014-07-01 14:17 - 00623672 _____ (Click Me In Limited) C:\Users\James\AppData\Local\nsw2D94.tmp
2014-07-01 14:16 - 2014-07-28 14:16 - 00001728 _____ () C:\WINDOWS\Tasks\08e86605-2c3d-409e-9a8c-e86250837a41-5_user.job
2014-07-01 14:16 - 2014-07-28 14:16 - 00001488 _____ () C:\WINDOWS\Tasks\cefb908f-ca65-45a0-adf8-186b46f59e1c-5_user.job
2014-07-01 14:16 - 2014-07-01 14:16 - 00000982 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-07-01 14:15 - 2014-07-28 14:14 - 00000948 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-01 14:15 - 2014-07-09 16:58 - 00000952 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-01 14:15 - 2014-07-09 16:53 - 00003924 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-01 14:15 - 2014-07-09 16:53 - 00003688 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-01 14:15 - 2014-07-01 14:15 - 00004506 _____ () C:\WINDOWS\System32\Tasks\ShopperPro
2014-07-01 14:15 - 2014-07-01 14:15 - 00004248 _____ () C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_333934323030373632332d7855236c575a4a5741415034
2014-07-01 14:15 - 2014-07-01 14:15 - 00004242 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_333934323030373632332d7855236c575a4a5741415034
2014-07-01 14:15 - 2014-07-01 14:15 - 00003834 _____ () C:\WINDOWS\System32\Tasks\Smp
2014-07-01 14:15 - 2014-07-01 14:15 - 00003730 _____ () C:\WINDOWS\System32\Tasks\SMupdate1
2014-07-01 14:15 - 2014-07-01 14:15 - 00003590 _____ () C:\WINDOWS\System32\Tasks\YTDownloader
2014-07-01 14:15 - 2014-07-01 14:15 - 00003580 _____ () C:\WINDOWS\System32\Tasks\YTDownloaderUpd
2014-07-01 14:15 - 2014-07-01 14:15 - 00003576 _____ () C:\WINDOWS\System32\Tasks\ShopperProJSUpd
2014-07-01 14:15 - 2014-07-01 14:15 - 00003500 _____ () C:\WINDOWS\System32\Tasks\SPDriver
2014-07-01 14:15 - 2014-07-01 14:15 - 00001968 _____ () C:\Users\James\Desktop\YTDownloader.lnk
2014-07-01 14:15 - 2014-07-01 14:15 - 00000000 ____D () C:\Users\James\AppData\Local\CrashRpt
2014-07-01 14:15 - 2014-07-01 14:15 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-07-01 14:15 - 2014-07-01 14:15 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-07-01 13:48 - 2014-07-03 16:48 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-07-01 13:48 - 2014-07-01 13:48 - 00003798 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Scan
2014-07-01 13:48 - 2014-07-01 13:48 - 00003510 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Scan SecondTime
2014-07-01 13:48 - 2014-07-01 13:48 - 00003508 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Scan FirstTime
2014-07-01 13:48 - 2014-07-01 13:48 - 00003298 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Startup
2014-07-01 13:48 - 2014-07-01 13:48 - 00000000 ____D () C:\Users\James\AppData\Roaming\CompuClever
2014-07-01 13:40 - 2014-07-03 12:42 - 00003248 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule
2014-07-01 13:34 - 2014-07-03 17:56 - 00000379 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-06-29 11:28 - 2014-07-03 12:45 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-06-29 11:28 - 2014-07-03 12:42 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2014-06-29 11:28 - 2014-06-29 11:28 - 00000000 ____D () C:\MININT
2014-06-29 11:27 - 2014-06-29 11:27 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2-Windows-en-us (2).exe
2014-06-29 11:26 - 2014-06-29 11:26 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2-Windows-en-us.exe
2014-06-29 11:26 - 2014-06-29 11:26 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2-Windows-en-us (1).exe
2014-06-29 10:58 - 2014-06-29 10:58 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2.exe
2014-06-29 10:58 - 2014-06-29 10:58 - 00469048 _____ () C:\Users\James\Downloads\download_videodownloader.exe
2014-06-29 10:56 - 2014-07-03 17:53 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-06-28 21:28 - 2014-07-03 13:45 - 00000000 ____D () C:\Program Files (x86)\0866B8A9-2E46-422F-947B-2C563F566A0E
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-06-28 18:21 - 2014-06-28 18:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-28 18:21 - 2014-06-28 18:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-06-28 18:21 - 2014-06-08 06:38 - 00057528 _____ (Corsica) C:\WINDOWS\system32\Drivers\webinstr.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 14:33 - 2014-07-28 14:33 - 00012362 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-28 14:33 - 2014-07-28 14:28 - 00000000 ____D () C:\FRST
2014-07-28 14:27 - 2014-07-28 14:27 - 02093568 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2014-07-28 14:22 - 2014-07-09 16:37 - 00837717 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-28 14:19 - 2013-11-27 06:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-358060547-1129748777-2863471372-1001
2014-07-28 14:16 - 2014-07-01 14:16 - 00001728 _____ () C:\WINDOWS\Tasks\08e86605-2c3d-409e-9a8c-e86250837a41-5_user.job
2014-07-28 14:16 - 2014-07-01 14:16 - 00001488 _____ () C:\WINDOWS\Tasks\cefb908f-ca65-45a0-adf8-186b46f59e1c-5_user.job
2014-07-28 14:14 - 2014-07-28 14:14 - 00010912 _____ () C:\Users\James\Desktop\AdwCleaner[S0]POSTREBOOT.txt
2014-07-28 14:14 - 2014-07-09 16:57 - 00001472 _____ () C:\WINDOWS\Tasks\79144690-fc61-4553-b29f-2562b733b76c-5_user.job
2014-07-28 14:14 - 2014-07-03 13:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 14:14 - 2014-07-01 14:15 - 00000948 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-28 14:14 - 2014-06-06 16:42 - 00000000 ___RD () C:\Users\James\OneDrive
2014-07-28 14:14 - 2013-12-01 04:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 14:11 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-28 14:10 - 2014-07-09 17:17 - 00013006 _____ () C:\WINDOWS\PFRO.log
2014-07-28 14:10 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-28 14:09 - 2014-07-28 14:05 - 00000000 ____D () C:\AdwCleaner
2014-07-28 14:09 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-28 14:08 - 2014-07-28 14:08 - 00010753 _____ () C:\Users\James\Desktop\AdwCleaner[R0].txt
2014-07-28 14:03 - 2014-07-28 14:03 - 01365551 _____ () C:\Users\James\Downloads\adwcleaner_3.301.exe
2014-07-28 14:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-28 14:00 - 2013-11-27 06:05 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{879C7D68-F2AB-4D5F-91DC-43D7D68AE7A7}
2014-07-26 23:11 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 18:04 - 2014-07-09 18:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 18:04 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 18:04 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 18:03 - 2013-12-01 04:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 18:02 - 2013-12-01 04:43 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 18:01 - 2014-03-18 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:00 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 17:45 - 2013-12-01 04:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 17:22 - 2014-07-09 17:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 17:05 - 2014-07-09 17:05 - 00003792 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMScan
2014-07-09 17:05 - 2014-07-09 17:05 - 00003784 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMUpdater
2014-07-09 17:05 - 2014-07-09 17:05 - 00003780 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMRules
2014-07-09 17:05 - 2014-07-09 17:05 - 00000000 ____D () C:\Users\James\Downloads\Driver Support
2014-07-09 17:05 - 2014-07-09 17:05 - 00000000 ____D () C:\ProgramData\UAB
2014-07-09 17:04 - 2014-07-09 17:04 - 00003474 _____ () C:\WINDOWS\System32\Tasks\Driver Support-RTMScanRunOnce
2014-07-09 17:04 - 2014-07-09 17:04 - 00002284 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\Users\James\AppData\Local\PC_Drivers_Headquarters
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-09 17:04 - 2014-07-09 17:04 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-09 17:03 - 2014-07-09 16:53 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-07-09 17:01 - 2014-07-09 17:01 - 00003106 _____ () C:\WINDOWS\System32\Tasks\{0285F949-915D-4CC2-98CD-A11874FDEFE7}
2014-07-09 16:59 - 2014-07-03 17:45 - 00000000 ____D () C:\Users\James\Desktop\Internet Protection
2014-07-09 16:58 - 2014-07-01 14:15 - 00000952 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-09 16:54 - 2014-07-09 16:52 - 00000155 _____ () C:\WINDOWS\Reimage.ini
2014-07-09 16:53 - 2014-07-01 14:15 - 00003924 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-09 16:53 - 2014-07-01 14:15 - 00003688 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-09 16:52 - 2014-07-09 16:52 - 00929416 _____ (CNET Download.com) C:\Users\James\Downloads\cbsidlm-cbsi188-Should_I_Remove_It-SEO-75834044.exe
2014-07-09 15:57 - 2014-07-09 15:57 - 00002242 _____ () C:\Users\Arbizo Family\Desktop\Google Chrome.lnk
2014-07-09 15:57 - 2014-07-09 15:57 - 00001449 _____ () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Roaming\Adobe
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Local\VirtualStore
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Local\Packages
2014-07-09 15:57 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\Arbizo Family\AppData\Local\Google
2014-07-09 15:57 - 2014-07-09 15:56 - 00000000 ____D () C:\Users\Arbizo Family
2014-07-09 15:57 - 2014-06-06 16:41 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-07-09 15:56 - 2014-07-09 15:56 - 00000020 ___SH () C:\Users\Arbizo Family\ntuser.ini
2014-07-03 18:05 - 2014-07-03 18:05 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{9D6D3B35-2AC3-4776-8E17-A55B79454CAC}
2014-07-03 17:56 - 2014-07-01 13:34 - 00000379 _____ () C:\WINDOWS\SysWOW64\ff.bin
2014-07-03 17:53 - 2014-06-29 10:56 - 00000552 _____ () C:\WINDOWS\SysWOW64\schtasks.bin
2014-07-03 17:50 - 2014-07-03 17:50 - 00003454 _____ () C:\WINDOWS\wininit.ini
2014-07-03 17:47 - 2014-07-03 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:47 - 2014-07-03 17:46 - 04812672 _____ (Piriform Ltd) C:\Users\James\Downloads\ccsetup415.exe
2014-07-03 17:47 - 2013-12-01 05:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 17:18 - 2014-07-03 17:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-03 17:14 - 2014-07-03 17:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-03 17:13 - 2013-11-27 06:04 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2014-07-03 17:12 - 2014-07-03 17:12 - 01402880 _____ () C:\Users\James\Downloads\HijackThis.msi
2014-07-03 17:12 - 2014-07-03 17:12 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-03 17:12 - 2014-07-03 17:12 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-03 17:03 - 2014-07-03 17:03 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-03 17:02 - 2014-07-03 17:02 - 00001370 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-03 17:02 - 2014-07-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-03 17:02 - 2014-07-03 17:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\James\Downloads\spybot-2.4.exe
2014-07-03 16:53 - 2013-08-23 11:51 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-03 16:53 - 2013-08-23 11:51 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-07-03 16:48 - 2014-07-01 13:48 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-07-03 16:24 - 2014-07-03 16:24 - 00003100 _____ () C:\WINDOWS\System32\Tasks\{301E7366-9B9D-40E5-91B5-1C093DF41BC2}
2014-07-03 13:57 - 2014-07-03 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 13:57 - 2014-07-03 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 13:57 - 2013-12-01 05:42 - 00000000 ____D () C:\Users\James\AppData\Roaming\Malwarebytes
2014-07-03 13:57 - 2013-12-01 05:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 13:57 - 2013-12-01 05:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-03 13:54 - 2014-07-03 13:54 - 00003136 _____ () C:\WINDOWS\System32\Tasks\{27BA6EB2-5DF9-4221-84CD-47927A47DF00}
2014-07-03 13:50 - 2014-06-06 16:59 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-03 13:45 - 2014-06-28 21:28 - 00000000 ____D () C:\Program Files (x86)\0866B8A9-2E46-422F-947B-2C563F566A0E
2014-07-03 13:38 - 2014-03-18 03:03 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-03 13:35 - 2013-12-01 04:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-03 13:28 - 2014-07-01 14:17 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2014-07-03 13:28 - 2014-07-01 14:17 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2014-07-03 13:27 - 2013-08-22 07:44 - 00344488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-03 13:01 - 2013-08-23 11:48 - 00000000 ____D () C:\ProgramData\Temp
2014-07-03 12:45 - 2014-06-29 11:28 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-07-03 12:42 - 2014-07-01 13:40 - 00003248 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule
2014-07-03 12:42 - 2014-06-29 11:28 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2014-07-03 12:41 - 2014-07-01 14:32 - 00000000 ____D () C:\Users\James\AppData\Local\LogMeIn Rescue Applet
2014-07-01 15:05 - 2014-07-01 14:17 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2014-07-01 14:51 - 2013-08-22 06:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-01 14:32 - 2014-07-01 14:32 - 01529152 _____ (LogMeIn, Inc.) C:\Users\James\Downloads\Support-LogMeInRescue.exe
2014-07-01 14:32 - 2014-07-01 14:32 - 01529152 _____ (LogMeIn, Inc.) C:\Users\James\Downloads\Support-LogMeInRescue (1).exe
2014-07-01 14:23 - 2014-07-01 14:17 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2014-07-01 14:23 - 2014-07-01 14:17 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2014-07-01 14:23 - 2014-07-01 14:17 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2014-07-01 14:17 - 2014-07-01 14:17 - 00623672 _____ (Click Me In Limited) C:\Users\James\AppData\Local\nsw2D94.tmp
2014-07-01 14:16 - 2014-07-01 14:16 - 00000982 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-07-01 14:15 - 2014-07-01 14:15 - 00004506 _____ () C:\WINDOWS\System32\Tasks\ShopperPro
2014-07-01 14:15 - 2014-07-01 14:15 - 00004248 _____ () C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_333934323030373632332d7855236c575a4a5741415034
2014-07-01 14:15 - 2014-07-01 14:15 - 00004242 _____ () C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_333934323030373632332d7855236c575a4a5741415034
2014-07-01 14:15 - 2014-07-01 14:15 - 00003834 _____ () C:\WINDOWS\System32\Tasks\Smp
2014-07-01 14:15 - 2014-07-01 14:15 - 00003730 _____ () C:\WINDOWS\System32\Tasks\SMupdate1
2014-07-01 14:15 - 2014-07-01 14:15 - 00003590 _____ () C:\WINDOWS\System32\Tasks\YTDownloader
2014-07-01 14:15 - 2014-07-01 14:15 - 00003580 _____ () C:\WINDOWS\System32\Tasks\YTDownloaderUpd
2014-07-01 14:15 - 2014-07-01 14:15 - 00003576 _____ () C:\WINDOWS\System32\Tasks\ShopperProJSUpd
2014-07-01 14:15 - 2014-07-01 14:15 - 00003500 _____ () C:\WINDOWS\System32\Tasks\SPDriver
2014-07-01 14:15 - 2014-07-01 14:15 - 00001968 _____ () C:\Users\James\Desktop\YTDownloader.lnk
2014-07-01 14:15 - 2014-07-01 14:15 - 00000000 ____D () C:\Users\James\AppData\Local\CrashRpt
2014-07-01 14:15 - 2014-07-01 14:15 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-07-01 14:15 - 2014-07-01 14:15 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-07-01 14:15 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-01 13:48 - 2014-07-01 13:48 - 00003798 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Scan
2014-07-01 13:48 - 2014-07-01 13:48 - 00003510 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Scan SecondTime
2014-07-01 13:48 - 2014-07-01 13:48 - 00003508 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Scan FirstTime
2014-07-01 13:48 - 2014-07-01 13:48 - 00003298 _____ () C:\WINDOWS\System32\Tasks\PC Clean Maestro Startup
2014-07-01 13:48 - 2014-07-01 13:48 - 00000000 ____D () C:\Users\James\AppData\Roaming\CompuClever
2014-06-30 15:45 - 2014-07-09 17:28 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-29 11:28 - 2014-06-29 11:28 - 00000000 ____D () C:\MININT
2014-06-29 11:28 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-06-29 11:27 - 2014-06-29 11:27 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2-Windows-en-us (2).exe
2014-06-29 11:26 - 2014-06-29 11:26 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2-Windows-en-us.exe
2014-06-29 11:26 - 2014-06-29 11:26 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2-Windows-en-us (1).exe
2014-06-29 10:58 - 2014-06-29 10:58 - 01075776 _____ (OR Interactive Ltd) C:\Users\James\Downloads\IDM2.exe
2014-06-29 10:58 - 2014-06-29 10:58 - 00469048 _____ () C:\Users\James\Downloads\download_videodownloader.exe
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-06-28 18:21 - 2014-06-28 18:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-28 18:21 - 2014-06-28 18:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-06-28 18:21 - 2013-08-22 08:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-06-28 18:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-06-28 00:48 - 2014-07-09 17:28 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 00:07 - 2014-07-09 17:28 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
 
Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\enfor_mation2.exe
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\ReimagePackage.exe
C:\Users\James\AppData\Local\Temp\ReimageRepair.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-09 17:56
 
==================== End Of Log ============================
 
 
Thanks again for the initial suggestions.
 
Although most junk seems to be gone, I'm still plagued by driver support pop ups, gobeezo PUP and proshopper trying to access my PC.
 
Malwarebytes continues to remove and block these processes (I think).
 
I also have YT downloader, Optimize your PC, and Driver Support icons on my desktop (Is it as simple as sending them to the trash?).
 
Lastly, I'm experiencing dll notifications (small pop ups), although I don't see a difference in performance.

 

 

I await your recommendations. Thank You!




#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:39 PM

Posted 01 August 2014 - 09:13 AM

I also have YT downloader, Optimize your PC, and Driver Support icons on my desktop (Is it as simple as sending them to the trash?).


Yes!

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-358060547-1129748777-2863471372-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
ShortcutTarget: Appupdater Tray Notification Icon.lnk -> C:\Program Files (x86)\Appupdater\appupdatert.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKCU\...\Firefox\Extensions: [{BF94EC22-F463-E3AD-5AD5-4FFD4E85D2AD}] - C:\Program Files (x86)\-Re-MarkableS\174.xpi
S2 SPDRIVER_1.37.1.189; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys [X]
C:\Users\James\AppData\Local\Temp\enfor_mation2.exe
C:\Users\James\AppData\Local\Temp\ReimagePackage.exe
C:\Users\James\AppData\Local\Temp\ReimageRepair.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {F071A7D3-A751-466A-814D-2B6BC9633C0E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {FB01E6F1-DE3F-4F82-B873-2DBBDC4BAFAD} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files (x86)\-Re-MarkableS
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#7 rbzo


Posted 06 August 2014 - 05:18 PM

Nasdaq,

 

Here is the FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by James at 2014-08-06 14:46:21 Run:1
Running from C:\Users\James\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-358060547-1129748777-2863471372-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk
ShortcutTarget: Appupdater Tray Notification Icon.lnk -> C:\Program Files (x86)\Appupdater\appupdatert.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKCU\...\Firefox\Extensions: [{BF94EC22-F463-E3AD-5AD5-4FFD4E85D2AD}] - C:\Program Files (x86)\-Re-MarkableS\174.xpi
S2 SPDRIVER_1.37.1.189; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys [X]
C:\Users\James\AppData\Local\Temp\enfor_mation2.exe
C:\Users\James\AppData\Local\Temp\ReimagePackage.exe
C:\Users\James\AppData\Local\Temp\ReimageRepair.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {F071A7D3-A751-466A-814D-2B6BC9633C0E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {FB01E6F1-DE3F-4F82-B873-2DBBDC4BAFAD} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files (x86)\-Re-MarkableS
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
 
end
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-358060547-1129748777-2863471372-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Appupdater Tray Notification Icon.lnk => Moved successfully.
C:\Program Files (x86)\Appupdater\appupdatert.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{BF94EC22-F463-E3AD-5AD5-4FFD4E85D2AD} => value deleted successfully.
SPDRIVER_1.37.1.189 => Service deleted successfully.
"C:\Users\James\AppData\Local\Temp\enfor_mation2.exe" => File/Directory not found.
"C:\Users\James\AppData\Local\Temp\ReimagePackage.exe" => File/Directory not found.
"C:\Users\James\AppData\Local\Temp\ReimageRepair.exe" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F071A7D3-A751-466A-814D-2B6BC9633C0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F071A7D3-A751-466A-814D-2B6BC9633C0E}" => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB01E6F1-DE3F-4F82-B873-2DBBDC4BAFAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB01E6F1-DE3F-4F82-B873-2DBBDC4BAFAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector_startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully.
C:\WINDOWS\Tasks\APSnotifierPP1.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP2.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP3.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
"C:\Program Files (x86)\-Re-MarkableS" => File/Directory not found.
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Here are the results of Security Check:
 

 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Thanks for the advice on those pesky desktop icons!
 
A few notes:
 
Prior to running and posting these FRST & Security Check logs, I'm experiencing a gobeezo popup as the desktop starts up.
It quickly disappears (I assume it's being blocked). 
 
And....
 
I receive multiple Run DLL popups (they look legit) notifying me that there was a problem starting C:\PROGRA~1\COMMON~1\System\SysMenu.dll
 
I'm hoping these will be a non-issue once I restart again, but just thought they should be noted.
 
 
All other issues seem to have been resolved, and hopefully the logs look clean.
 
 
Thanks again for all of your help!
 
 


#8 nasdaq


Posted 07 August 2014 - 10:36 AM

I receive multiple Run DLL popups (they look legit) notifying me that there was a problem starting C:\PROGRA~1\COMMON~1\System\SysMenu.dll

This is from a remnant item from the infection.

http://www.bleepingcomputer.com/forums/t/540446/unable-to-remove-shopper-pro-yt-downloader-etc-via-hijackthis/
===

Let me check the registry keys.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    SysMenu.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.




#9 rbzo


Posted 23 August 2014 - 02:54 PM

Nasdaq,

 

Here are the Systemlook results:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:51 on 23/08/2014 by James
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "SysMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SysMenu.DLL]
 
-= EOF =-
 
 
Thanks again, and I'll standby for your instructions.

Edited by rbzo, 23 August 2014 - 02:55 PM.


#10 nasdaq


Posted 24 August 2014 - 07:44 AM

 
 
 
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
In Windows 7 and 8
Press the [Windows Icon + R] and enter "notepad" in the box to open Notepad
 
start
 
REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL /f
REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL /f
REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SysMenu.DLL /f
REBOOT:
 
end
 
 
Save the file as fixlist.txt in the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
 
How is it now?
 


#11 nasdaq


Posted 30 August 2014 - 07:14 AM

Are you still with me?

#12 rbzo


Posted 30 August 2014 - 12:52 PM

Nasdaq,

 

Apologies for the delay.

 

I'm out of town and will apply your recommendations by Thursday.

 

Thanks for your patience!



#13 rbzo


Posted 06 September 2014 - 04:45 PM

Nasdaq,
 
Thanks for your patience!
 
Here are the FRST results:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-09-2014
Ran by James at 2014-09-06 14:28:31 Run:2
Running from C:\Users\James\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL /f
REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL /f
REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SysMenu.DLL /f
REBOOT:
 
end
*****************
 
 
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SysMenu.DLL /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
After running this last FRST scan, the PC still had those DLL popup issues that I mentioned earlier in the thread.
 
 
Any other recommendations?

Edited by rbzo, 06 September 2014 - 04:48 PM.
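
Added example (not part of the thread and not FRST's own code): a small Python triage of Fixlog.txt output in the two shapes posted above, separating entries the tool actually removed from entries that were already absent. The sample lines are copied from the Fixlog excerpts in this thread; the function names, category names and outcome patterns are assumptions derived only from those excerpts.

```python
import re

# Sample input: lines copied from the two Fixlog.txt excerpts in this thread
# (Run:1 single-line results, Run:2 "REG:" command blocks).
SAMPLE_FIXLOG = r'''
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
C:\Program Files (x86)\Appupdater\appupdatert.exe not found.
SPDRIVER_1.37.1.189 => Service deleted successfully.
"C:\Users\James\AppData\Local\Temp\ReimageRepair.exe" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\WINDOWS\Tasks\APSnotifierPP1.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job not found.

========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
'''

# Outcome phrases exactly as they appear in the logs above (assumed complete
# only for these excerpts; other FRST versions may word results differently).
REMOVED = re.compile(r"(deleted|removed|Moved) successfully\.$"
                     r"|^The operation completed successfully\.$")
ABSENT = re.compile(r"not found\.$"
                    r"|unable to find the specified registry key or value\.$")
REG_HEADER = re.compile(r"^=+ (reg .+?) =+$")
REG_END = re.compile(r"^=+ End of Reg: =+$")


def target_of(line):
    """Return the item a single-line result refers to, without quotes."""
    if " => " in line:
        item = line.split(" => ")[0]
    else:
        item = re.sub(r"\s+not found\.$", "", line)
    return item.strip().strip('"')


def triage(fixlog_text):
    """Sort every result line into 'removed', 'absent' or 'other'."""
    result = {"removed": [], "absent": [], "other": []}
    pending_cmd = None  # command of the REG: block currently being read
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if REG_END.match(line):
            pending_cmd = None
            continue
        header = REG_HEADER.match(line)
        if header:
            pending_cmd = header.group(1)
            continue
        if REMOVED.search(line):
            bucket = "removed"
        elif ABSENT.search(line):
            bucket = "absent"
        else:
            bucket = "other"
        # Inside a REG: block the result line names no target, so report
        # the command from the block header instead.
        result[bucket].append(pending_cmd if pending_cmd else target_of(line))
    return result


def outcome_for(fixlog_text, needle):
    """Map each logged item containing `needle` (case-insensitive) to its outcome."""
    hits = {}
    for bucket, items in triage(fixlog_text).items():
        for item in items:
            if needle.lower() in item.lower():
                hits[item] = bucket
    return hits


if __name__ == "__main__":
    for item, outcome in outcome_for(SAMPLE_FIXLOG, "SysMenu.dll").items():
        print(f"{outcome:8} {item}")
```

Entries in the `absent` bucket did not change the system, so a symptom that persists after the run has to be traced to something the fixlist did not name.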


#14 nasdaq


Posted 07 September 2014 - 08:03 AM

Let's try this way.

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 

Windows Registry Editor Version 5.00


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SysMenu.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SysMenu.DLL]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7/8 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.

#15 nasdaq


Posted 12 September 2014 - 08:52 AM

Are you still with me?



