Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Joe (administrator) on JOE-PC on 18-06-2015 16:19:08
Running from C:\Users\Joe\Downloads
Loaded Profiles: Joe & UpdatusUser (Available Profiles: Joe & Josh & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\nsbu.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\nsbu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-344620198-1433528080-3347177808-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe [927920 2015-05-31] (Adobe Systems Incorporated)
HKU\S-1-5-21-344620198-1433528080-3347177808-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\buShell.dll [2015-03-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\buShell.dll [2015-03-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\buShell.dll [2015-03-20] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.1.0.9
HKU\S-1-5-21-344620198-1433528080-3347177808-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-344620198-1433528080-3347177808-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-344620198-1433528080-3347177808-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://duckduckgo.com/
HKU\S-1-5-21-344620198-1433528080-3347177808-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.1.0.9
URLSearchHook: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn21\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 -> DefaultScope {D6B1F8FA-7814-4FAE-B8BF-711C2CFACCAC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_enUS388
SearchScopes: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 -> {D6B1F8FA-7814-4FAE-B8BF-711C2CFACCAC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_enUS388
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn21\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-27] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-27] (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-03-15] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn21\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-344620198-1433528080-3347177808-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-344620198-1433528080-3347177808-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Joe\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll [2010-10-20] ()
FF Plugin HKU\S-1-5-21-344620198-1433528080-3347177808-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFPlgn [2015-06-07]

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-27]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-27]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-27]
CHR Extension: (Yahoo Extension) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2015-03-02]
CHR Extension: (Norton Identity Safe) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-03-02]
CHR Extension: (Norton Identity Protection) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-27]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-27]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\Exts\Chrome.crx [2015-04-10]
CHR HKLM\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-08-21] (Symantec Corporation)
R2 NSBU; C:\Program Files\Norton Security with Backup\Engine\22.5.0.120\NSBU.exe [282016 2015-06-06] (Symantec Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 N360; "C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\21.6.0.32\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Security with Backup\NortonData\22.1.0.9\Definitions\BASHDefs\20150602.001\BHDrvx86.sys [1172696 2015-05-21] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBU\1605000.078\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [380720 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [113456 2015-05-27] (Symantec Corporation)
S1 IDSVix86; C:\Program Files\Norton Security with Backup\NortonData\22.1.0.9\Definitions\IPSDefs\20150617.001\IDSvix86.sys [514776 2015-05-23] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NAVENG; C:\Program Files\Norton Security with Backup\NortonData\22.1.0.9\Definitions\VirusDefs\20150617.034\NAVENG.SYS [95704 2015-03-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security with Backup\NortonData\22.1.0.9\Definitions\VirusDefs\20150617.034\NAVEX15.SYS [1636696 2015-03-25] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBU\1602000.01F\SRTSP.SYS [702168 2015-03-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBU\1605000.078\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
R4 SymDS; C:\Windows\System32\drivers\NSBU\1602000.01F\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R4 SymEFA; C:\Windows\System32\drivers\NSBU\1602000.01F\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NSBU\1605000.078\SYMEFASI.SYS [1278168 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-06-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBU\1605000.078\Ironx86.SYS [226008 2015-06-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NSBU\1602000.01F\SYMNETS.SYS [420056 2014-09-09] (Symantec Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WUSB54GSCv2.NTx86; system32\DRIVERS\WUSB54GSCV2_X86.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 16:19 - 2015-06-18 16:19 - 00016824 _____ C:\Users\Joe\Downloads\FRST.txt
2015-06-18 16:18 - 2015-06-18 16:18 - 01148416 _____ (Farbar) C:\Users\Joe\Downloads\FRST.exe
2015-05-22 16:25 - 2015-05-22 16:25 - 00000215 _____ C:\Users\Joe\Desktop\DuckDuckGo.url
2015-05-20 09:16 - 2015-05-31 09:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 16:19 - 2015-04-13 16:01 - 00000000 ____D C:\FRST
2015-06-18 15:47 - 2015-04-11 08:58 - 00099835 _____ C:\Windows\WindowsUpdate.log
2015-06-18 15:47 - 2012-07-24 18:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 09:13 - 2014-06-19 09:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 19:07 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-12 09:10 - 2013-02-21 18:19 - 00094424 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-06-12 09:10 - 2013-02-21 18:19 - 00008138 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-06-12 09:09 - 2015-01-27 17:05 - 00000000 ____D C:\Windows\system32\Drivers\NSBU
2015-06-09 09:25 - 2010-08-10 10:44 - 00000000 ____D C:\Users\Josh
2015-06-07 11:35 - 2009-07-14 00:34 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 11:35 - 2009-07-14 00:34 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 11:28 - 2012-06-07 15:38 - 00000406 _____ C:\Windows\Tasks\PC Optimizer Pro startups.job
2015-06-07 11:28 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 09:00 - 2014-06-19 09:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-31 09:34 - 2014-06-16 12:59 - 00000000 ____D C:\Users\Joe\AppData\Local\Adobe
2015-05-31 09:33 - 2012-04-03 08:53 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-31 09:33 - 2011-06-02 09:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-20 09:16 - 2014-06-19 09:24 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

==================== Files in the root of some directories =======

2011-09-08 20:00 - 2011-09-09 09:18 - 0000042 _____ () C:\Users\Joe\AppData\Roaming\default.pls
2012-01-17 09:55 - 2012-01-17 09:55 - 0020537 _____ () C:\Users\Joe\AppData\Roaming\UserTile.png
2012-02-18 16:26 - 2013-02-24 20:35 - 0000268 ___RH () C:\Users\Joe\AppData\Roaming\WebServer
2013-02-24 20:35 - 2013-02-24 20:35 - 0000268 ___RH () C:\Users\Joe\AppData\Roaming\Widgets
2012-02-26 20:50 - 2013-02-24 20:35 - 0000268 ___RH () C:\Users\Joe\AppData\Roaming\Woodwind
2012-10-20 18:42 - 2012-10-20 18:42 - 0003584 _____ () C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-24 14:00 - 2011-02-08 12:13 - 0000600 _____ () C:\Users\Joe\AppData\Local\PUTTY.RND
2010-08-15 17:28 - 2015-02-22 10:54 - 0007618 _____ () C:\Users\Joe\AppData\Local\resmon.resmoncfg
2013-02-24 20:35 - 2013-02-24 20:35 - 0000012 ___RH () C:\ProgramData\Abstract
2013-02-24 20:35 - 2013-02-24 20:35 - 0000012 ___RH () C:\ProgramData\Action
2013-02-24 20:35 - 2013-02-24 20:35 - 0000268 ___RH () C:\ProgramData\business-inkjet
2012-02-18 16:26 - 2013-02-24 20:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-02-18 16:26 - 2013-02-24 20:45 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-02-18 16:26 - 2013-02-24 20:35 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2012-02-26 20:45 - 2013-02-24 20:28 - 0000000 _____ () C:\ProgramData\Track Settings
2013-02-24 20:35 - 2013-02-24 20:35 - 0000268 ___RH () C:\ProgramData\Work - Home
2013-02-24 20:35 - 2013-02-24 20:35 - 0000268 ___RH () C:\ProgramData\Workflows

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-08 15:31

==================== End of log ============================