popups coming all the time [Solved]


  • This topic is locked

#1
RUSTY2

  • Member
  • 164 posts

Thank you in advance for your help

I have had help with this before, so I went ahead and ran Malwarebytes, but this time it did not seem to display a log for me to send you.




#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hello Rusty2 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem. :)

A few things before we get started.

  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened. You can PM me or a member of staff to do this.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Step1 - MBAM Log
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
  • Choose the latest Scan Log, and click on the View button:
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy (CTRL + C) & Paste (CTRL + V) the entire contents of the report log in your next reply.

    Step2 - FRST Scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) this log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.


    Things for your next post:
  • Malwarebytes log
  • FRST.txt log
  • Addition.txt log


#3
RUSTY2

  • Topic Starter
  • Member
  • 164 posts

Hi Bruce

My Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/03/2015
Scan Time: 5:12:47 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.04.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 556100
Time Elapsed: 35 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 101

Files: 3
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, Delete-on-Reboot, [c604b5cfc9deaaa32691fc2798b86936],
PUP.Optional.Bershnet, C:\Users\BR\AppData\Local\Temp\9qmYtR2n.exe.part, Quarantined, [0d9c4fd36b1f7fb713a777c732d35fa1],
PUP.Optional.LuckyTab.A, C:\Program Files (x86)\LuckyTab\LuckyTab.exe, Quarantined, [bcedfa28305a86b00714bfd4689b47b9],

Physical Sectors: 0
(No malicious items detected)


(end)

 

My FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by BR (administrator) on BRIAN-PC on 05-03-2015 15:55:37
Running from C:\Users\BR\Desktop
Loaded Profiles: BR (Available profiles: BRIAN & bcom & BR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Super PC Tools Ltd) C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}\superpc_soft_partner.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [293880 2014-12-29] (Alibaba (China) Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\superpc_soft_partner.lnk
ShortcutTarget: superpc_soft_partner.lnk -> C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}\superpc_soft_partner.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53904;https=127.0.0.1:53904
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.search.ya...param2=f%3D1&b={browser}%26cc%3Dca%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0DyBtBzz0E0CyCtD0EtN0D0Tzu0StCtCyDyBtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0AyEtDyCtCyE0BtGtByB0AtBtGtBtCyCtDtGyB0E0CzztGyBtByByCyCtDtCtC0ByE0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtAzztA0DzzyBtG0F0DyByCtGyEyCzyzztGzy0DyE0AtG0EtAyC0D0Azz0A0A0A0E0FyE2Q%26cr%3D1544553982%26a%3Dwny_wnzp_15_10%26os%3DWindows 7 Home Premium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://us.search.ya...5_10&os=Windows 7 Home Premium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://us.search.ya...5_10&os=Windows 7 Home Premium&p={searchTerms}
SearchScopes: HKLM -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://us.search.ya...5_10&os=Windows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://us.search.ya...5_10&os=Windows 7 Home Premium&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.16 64.59.150.132

FireFox:
========
FF ProfilePath: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: https://www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" No File
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" No File
FF user.js: detected! => C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\searchplugins\Search Provided by Yahoo.xml
FF Extension: iCloud Bookmarks - C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\Extensions\[email protected] [2014-11-20]
FF Extension: Zoom It - C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\Extensions\{5358ec89-31c9-b9fa-2e6d-39b89ef98307} [2015-03-04]
FF Extension: HP Detect - C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-29]
FF Extension: عارض PDF - C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\Extensions\[email protected] [2013-08-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 BackupService; C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 cehufofi; C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp [103424 2015-03-02] () [File not signed]
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-06-07] (SolidWorks) [File not signed]
S4 SQLANYs_SmpParts; C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe [136568 2010-12-08] (iAnywhere Solutions, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 xeqomesu; C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 15:55 - 2015-03-05 15:56 - 00038806 _____ () C:\Users\BR\Desktop\FRST.txt
2015-03-05 15:54 - 2015-03-05 15:55 - 00000000 ____D () C:\FRST
2015-03-05 15:53 - 2015-03-05 15:53 - 02092544 _____ (Farbar) C:\Users\BR\Desktop\FRST64.exe
2015-03-05 10:39 - 2015-03-05 10:40 - 00000000 ____D () C:\Users\BR\AppData\Local\{E56DA771-428E-461E-9243-5385C7F3CEC7}
2015-03-05 09:08 - 2015-03-05 09:08 - 00000000 ____D () C:\Users\BR\AppData\Local\{CC0B2B13-D4CC-4E79-BFFE-C9A979DAEC73}
2015-03-05 09:00 - 2015-03-05 09:00 - 02981504 _____ () C:\Users\BR\Desktop\Setup_FileViewPro_[2015].exe
2015-03-05 08:51 - 2015-03-05 08:51 - 00023655 _____ () C:\Users\BR\Desktop\pujpeg.pes
2015-03-05 08:48 - 2015-03-05 08:51 - 00006611 _____ () C:\Users\BR\Desktop\pujpeg.saf
2015-03-05 08:13 - 2015-03-05 08:13 - 00000000 ____D () C:\Users\BR\AppData\Local\NJCrawford Software
2015-03-05 03:19 - 2015-03-05 03:19 - 00472504 _____ () C:\Users\BR\Documents\pinup.cdr
2015-03-05 02:18 - 2015-03-05 02:18 - 00000000 ____D () C:\Users\BR\Documents\My Palettes
2015-03-05 02:17 - 2015-03-05 02:25 - 00000000 ____D () C:\Users\BR\Documents\Corel
2015-03-05 02:16 - 2015-03-05 02:17 - 00000000 ____D () C:\ProgramData\Protexis64
2015-03-05 02:16 - 2015-03-05 02:16 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Corel
2015-03-05 02:10 - 2015-03-05 02:07 - 00002525 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2015-03-05 02:10 - 2015-03-05 02:04 - 00003063 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2015-03-05 02:10 - 2015-03-05 02:04 - 00003060 _____ () C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2015-03-05 02:10 - 2015-03-05 02:04 - 00002345 _____ () C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2015-03-05 02:10 - 2015-03-05 02:03 - 00003015 _____ () C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2015-03-05 02:07 - 2015-03-05 02:07 - 00000000 ____D () C:\Program Files\Common Files\Corel
2015-03-05 02:06 - 2015-03-05 02:06 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2015-03-05 02:05 - 2015-03-05 02:05 - 00000000 ____D () C:\Users\Public\Documents\Corel
2015-03-05 02:03 - 2015-03-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2015-03-05 02:02 - 2015-03-05 02:17 - 00000000 ____D () C:\ProgramData\Corel
2015-03-05 02:02 - 2015-03-05 02:02 - 00000000 ____D () C:\Program Files\Corel
2015-03-05 02:00 - 2015-03-05 02:14 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2015-03-05 01:57 - 2015-03-05 02:00 - 549068072 _____ (Acresso Software Inc. ) C:\Users\BR\Desktop\CorelDRAWGraphicsSuiteX7Installer_EN64Bit.exe
2015-03-05 01:25 - 2015-03-05 01:25 - 09612504 _____ (teorex ) C:\Users\BR\Desktop\PhotoScissorsSetup.exe
2015-03-05 01:04 - 2015-03-05 01:05 - 30813632 _____ (clipping-path-studio.com ) C:\Users\BR\Desktop\InstantMaskUltimateSetup10.exe
2015-03-05 00:29 - 2015-03-05 00:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\BR\Desktop\revosetup.exe
2015-03-04 23:33 - 2015-03-04 23:38 - 00000000 ____D () C:\Users\BR\Documents\embroidery
2015-03-04 20:59 - 2015-03-04 20:59 - 00000000 ____D () C:\Users\BR\AppData\Local\{BBEFF767-3194-44D6-B704-797115DE9168}
2015-03-04 16:58 - 2015-03-04 16:58 - 00002285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-03-04 16:58 - 2015-03-04 16:58 - 00002279 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-03-04 16:58 - 2015-03-04 16:58 - 00000000 ____D () C:\Users\BR\AppData\Local\WinZip
2015-03-04 16:58 - 2015-03-04 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-04 16:58 - 2015-03-04 16:58 - 00000000 ____D () C:\Program Files\WinZip
2015-03-04 16:56 - 2015-03-04 16:57 - 01083168 _____ (App Internet ) C:\Users\BR\Desktop\winzip19-cnet.exe
2015-03-04 07:47 - 2015-03-04 07:47 - 00000000 ____D () C:\Users\BR\AppData\Local\{18AE4FB9-1FCC-4EC5-8A78-14FD665CD6AE}
2015-03-03 17:12 - 2015-03-05 00:37 - 00039596 _____ () C:\Windows\PFRO.log
2015-03-03 08:37 - 2015-03-03 08:37 - 00000000 ____D () C:\Users\BR\AppData\Local\{335503CA-8CFF-44CC-8710-E4F98B2FE62B}
2015-03-03 08:23 - 2015-03-03 08:23 - 00000000 ____D () C:\Users\BR\AppData\Local\{115800B3-B019-4B59-B593-826E739C6EF4}
2015-03-03 06:54 - 2015-03-03 08:20 - 00000000 ____D () C:\Program Files (x86)\Vector Magic
2015-03-02 19:43 - 2015-03-02 19:44 - 00000000 ____D () C:\Users\BR\AppData\Local\{46467EF0-9415-4995-BC4A-5520C9F49863}
2015-03-02 15:38 - 2015-03-05 00:38 - 00000336 _____ () C:\Windows\setupact.log
2015-03-02 15:38 - 2015-03-02 15:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-02 13:41 - 2015-03-02 13:41 - 00000000 ____D () C:\ProgramData\c2d5e0200004554
2015-03-02 13:30 - 2015-03-02 13:30 - 10801480 _____ (VS Revo Group ) C:\Users\BR\Desktop\RevoUninProSetup.exe
2015-03-02 13:30 - 2015-03-02 13:30 - 00000000 ____D () C:\Users\BR\AppData\Local\VS Revo Group
2015-03-02 13:30 - 2015-03-02 13:30 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-02 13:14 - 2015-03-02 13:14 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-03-02 13:08 - 2015-03-02 13:08 - 00003236 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-03-02 13:07 - 2015-03-02 13:07 - 00000000 ____D () C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F
2015-03-02 13:06 - 2015-03-02 13:06 - 00000000 ___HD () C:\Users\Public\Temp
2015-03-02 13:03 - 2015-03-02 13:20 - 00000000 ____D () C:\Program Files (x86)\Regprocleaner
2015-03-02 13:03 - 2015-03-02 13:03 - 00003072 _____ () C:\Windows\System32\Tasks\RPC
2015-03-02 13:03 - 2015-03-02 13:03 - 00000981 _____ () C:\Users\BRIAN\Desktop\PepperZip.lnk
2015-03-02 13:03 - 2015-03-02 13:03 - 00000981 _____ () C:\Users\bcom\Desktop\PepperZip.lnk
2015-03-02 13:03 - 2015-03-02 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-03-02 13:03 - 2015-03-02 13:03 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-02 13:03 - 2015-02-02 07:42 - 04686848 ____N () C:\Windows\rcore.exe
2015-03-02 13:01 - 2015-03-02 13:47 - 00000000 ____D () C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}
2015-03-02 12:51 - 2015-03-02 12:51 - 00000000 ____D () C:\Users\BR\AppData\Roaming\SimpleFiles
2015-03-02 07:43 - 2015-03-02 07:43 - 00000000 ____D () C:\Users\BR\AppData\Local\{BAC3D290-574A-4A85-A939-84EF709A115B}
2015-03-01 19:42 - 2015-03-01 19:42 - 00000000 ____D () C:\Users\BR\AppData\Local\{FCE8531B-3B8F-4CD9-850A-F741A80D5A28}
2015-03-01 14:38 - 2015-03-01 14:38 - 00430793 _____ () C:\Users\BR\Desktop\lucky 13-1.pes
2015-03-01 14:38 - 2015-03-01 14:38 - 00006494 _____ () C:\Users\BR\Desktop\lucky 13-1.saf
2015-03-01 07:41 - 2015-03-01 07:41 - 00000000 ____D () C:\Users\BR\AppData\Local\{56112B5F-6CB4-4C67-83DC-0334DC335E7E}
2015-02-28 08:17 - 2015-02-28 08:17 - 00000000 ____D () C:\Users\BR\AppData\Local\{76A64A46-5945-4EF8-8E84-B13B9CBF3366}
2015-02-27 10:13 - 2015-02-27 10:13 - 00000000 ____D () C:\Users\BR\AppData\Local\{C7D0241A-968D-4B07-BEB2-C0BAABE2B63A}
2015-02-27 08:30 - 2015-02-27 08:30 - 00000000 ____D () C:\Users\BR\AppData\Local\{6935FFD4-C5D3-48E2-8B02-29DEFA9E1F57}
2015-02-26 16:51 - 2015-02-26 16:51 - 00000000 ____D () C:\Users\BR\AppData\Local\{D33E422C-4421-4ACE-A860-E90C0875067A}
2015-02-26 12:14 - 2015-02-26 12:14 - 00000000 ____D () C:\Users\BR\AppData\Local\{53F95B59-FF6A-4876-9C4E-48C24CD9107A}
2015-02-26 10:11 - 2015-02-26 10:11 - 00000000 ____D () C:\Users\BR\AppData\Local\{316661A0-1ECA-4F19-9D88-7D9DD1155908}
2015-02-25 09:12 - 2015-02-25 09:13 - 00000000 ____D () C:\Users\BR\AppData\Local\{5E7F6273-0A5F-46C8-AA30-2BEAB699FF66}
2015-02-25 03:00 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 17:10 - 2015-02-24 17:10 - 00000000 ____D () C:\Users\BR\AppData\Local\{F0ED3098-250A-4C54-A988-AD33DA9B95BF}
2015-02-23 19:16 - 2015-02-23 19:18 - 00000000 ____D () C:\Users\BR\AppData\Local\{4B763B6D-E984-4974-A7BB-80A55BCA5D1C}
2015-02-23 18:25 - 2015-02-23 18:25 - 00000000 ____D () C:\Users\BR\AppData\Local\{3A969113-90B9-4080-AF78-C5DD972C8CC7}
2015-02-23 09:42 - 2015-02-23 09:42 - 00002950 _____ () C:\Windows\System32\Tasks\{3B22DB93-5D1E-4887-A309-936490D348AA}
2015-02-23 09:41 - 2015-02-23 09:41 - 00002950 _____ () C:\Windows\System32\Tasks\{EE7250D0-13DD-4831-92FA-5FF718F977CD}
2015-02-23 09:31 - 2015-02-23 09:31 - 00000978 _____ () C:\Users\Public\Desktop\TradeManager.lnk
2015-02-23 02:57 - 2015-02-23 02:57 - 00000000 ____D () C:\Users\BR\AppData\Local\{58F73485-6F3E-4761-83A9-8A63DBB6B367}
2015-02-23 01:36 - 2015-02-23 01:36 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SewArt64.lnk
2015-02-23 01:36 - 2015-02-23 01:36 - 00002013 _____ () C:\Users\Public\Desktop\SewArt64.lnk
2015-02-23 01:36 - 2015-02-23 01:36 - 00000000 ____D () C:\Program Files\S & S Computing
2015-02-23 01:34 - 2015-02-23 01:34 - 06599168 _____ () C:\Users\BR\Desktop\SewArt64.msi
2015-02-23 01:32 - 2015-02-23 01:32 - 00215528 _____ () C:\Users\BR\Desktop\SewArt64-25601984.exe
2015-02-23 01:28 - 2015-02-23 01:28 - 00018178 _____ () C:\Users\BR\Desktop\PAS_Creator.zip
2015-02-22 10:06 - 2015-02-22 10:06 - 00000000 ____D () C:\Users\BR\AppData\Local\{38644A6A-6CB5-411C-A6A8-EFD045F10F15}
2015-02-21 22:06 - 2015-02-21 22:06 - 00000000 ____D () C:\Users\BR\AppData\Local\{2A4754E7-36F9-4D06-BC1E-0ECF05B38A6E}
2015-02-21 13:09 - 2015-02-21 13:09 - 00000000 ____D () C:\Users\BR\AppData\Roaming\SandSComputing
2015-02-21 09:14 - 2015-02-21 09:14 - 00000000 ____D () C:\Users\BR\AppData\Local\{3C143E36-4642-49F8-8BD9-0F758C01D39F}
2015-02-20 10:53 - 2015-02-20 10:53 - 00000000 ____D () C:\Users\BR\AppData\Local\{5764FC4C-EAF2-4190-BECF-C847F493BBBC}
2015-02-19 23:33 - 2015-03-05 00:40 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-02-19 23:29 - 2015-02-19 23:29 - 00000000 ____D () C:\Users\bcom\AppData\Local\HP
2015-02-19 23:27 - 2015-02-19 23:27 - 00000000 __SHD () C:\Users\bcom\AppData\Local\EmieUserList
2015-02-19 23:27 - 2015-02-19 23:27 - 00000000 __SHD () C:\Users\bcom\AppData\Local\EmieSiteList
2015-02-19 23:27 - 2015-02-19 23:27 - 00000000 __SHD () C:\Users\bcom\AppData\Local\EmieBrowserModeList
2015-02-19 23:21 - 2015-02-19 23:21 - 00000000 ____D () C:\Users\bcom\AppData\Local\Wondershare
2015-02-19 23:20 - 2015-02-19 23:23 - 00000000 ____D () C:\Users\bcom\AppData\Roaming\Adobe
2015-02-19 23:20 - 2015-02-19 23:23 - 00000000 ____D () C:\Users\bcom\AppData\Local\Adobe
2015-02-19 23:20 - 2015-02-19 23:20 - 00000000 ____D () C:\Users\bcom\AppData\Local\VirtualStore
2015-02-19 21:51 - 2015-02-19 21:52 - 00000000 ____D () C:\Users\BR\AppData\Local\{9CD76417-A7B8-471A-9BC9-EF8A0DE76B3B}
2015-02-19 16:37 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-19 16:37 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-19 16:37 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-19 16:37 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-19 09:51 - 2015-02-19 09:51 - 00000000 ____D () C:\Users\BR\AppData\Local\{D5D95B65-A704-45A2-9F87-8F07A17100BE}
2015-02-18 09:02 - 2015-02-18 09:02 - 00000000 ____D () C:\Users\BR\AppData\Local\{F0AC7C7E-883D-4AD2-9258-C87F482EF05E}
2015-02-17 09:02 - 2015-02-17 09:02 - 00000000 ____D () C:\Users\BR\AppData\Local\{AED162F5-EC74-4BDB-982D-BDEBEE9EC83B}
2015-02-16 20:49 - 2015-02-16 20:49 - 00000000 ____D () C:\Users\BR\AppData\Roaming\IsolatedStorage
2015-02-16 20:49 - 2015-02-16 20:49 - 00000000 ____D () C:\Users\BR\AppData\Local\FileViewPro
2015-02-16 20:49 - 2015-02-16 20:49 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-16 20:47 - 2015-02-16 20:51 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Solvusoft
2015-02-16 20:47 - 2015-02-16 20:47 - 00000000 ____D () C:\Spacekace
2015-02-16 20:47 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-02-16 19:59 - 2015-02-16 20:02 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2015-02-16 19:59 - 2015-02-16 20:01 - 00000000 ____D () C:\Users\BR\AppData\Local\ExtractNow
2015-02-16 19:58 - 2015-03-02 14:31 - 00000000 ____D () C:\Users\BR\AppData\Roaming\BrowserExtensions
2015-02-16 08:35 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\BR\AppData\Local\{F7AA9CD0-62C1-46F7-B1CA-B09AFA82B85C}
2015-02-16 00:41 - 2015-02-16 00:41 - 00000000 ____D () C:\Users\BR\AppData\Local\{FF236163-21B3-4B0F-A9BE-F0C709270D94}
2015-02-15 10:06 - 2015-02-15 10:06 - 00000000 ____D () C:\Users\BR\AppData\Local\{3147D79C-8200-43F7-8816-7B49E7843559}
2015-02-15 09:18 - 2015-02-15 09:18 - 00000000 ____D () C:\Users\BR\AppData\Local\{78B2D250-2FEF-4457-8052-1D2EB9706245}
2015-02-15 08:01 - 2015-02-15 08:01 - 00000000 ____D () C:\Users\BR\AppData\Local\{DC376EDA-D3E9-4CCF-A67E-AC10884DA696}
2015-02-14 22:24 - 2015-02-14 22:24 - 00000000 ____D () C:\Users\BR\AppData\Local\{F9372260-6BFB-431D-A922-40111B42003E}
2015-02-14 08:14 - 2015-02-14 08:14 - 00000000 ____D () C:\Users\BR\AppData\Local\{7BCC26AE-1151-4AA5-A0B8-C5C5DC9275E9}
2015-02-13 08:44 - 2015-02-13 08:44 - 00000000 ____D () C:\Users\BR\AppData\Local\{10B7C839-9960-453D-A4C7-ADCCE900E574}
2015-02-12 08:30 - 2015-02-12 08:30 - 00000000 ____D () C:\Users\BR\AppData\Local\{1169EBED-64FA-4914-8B29-495BF4F271A3}
2015-02-11 11:41 - 2015-02-11 11:41 - 00000000 ____D () C:\Users\BR\AppData\Local\{E7A81870-80EE-438A-8F43-9100636F7E9A}
2015-02-11 04:28 - 2015-02-11 04:28 - 00000000 ____D () C:\Users\BR\AppData\Local\{64AAD29C-22D9-4C00-B637-01D2315AF1F7}
2015-02-11 03:42 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 03:42 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 03:42 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 03:42 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 01:05 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 01:05 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 01:05 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 01:05 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 01:05 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 01:05 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 01:05 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 01:05 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 01:05 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 01:05 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 01:05 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 01:05 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 01:05 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 01:05 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 01:04 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 01:04 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 01:04 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 01:04 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 01:04 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 01:04 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 01:04 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 01:04 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 01:04 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 01:04 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 01:04 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 01:04 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 01:04 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 01:04 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 01:04 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 01:04 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 01:04 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 01:04 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 01:04 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 01:04 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 01:04 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 01:04 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 01:04 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 01:04 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 01:04 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 01:04 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 01:04 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 01:04 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 01:04 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 01:04 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 01:04 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 01:04 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 01:04 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 01:04 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 01:04 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 01:04 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 01:04 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 01:04 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 01:04 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 01:04 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 01:04 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 01:04 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 01:04 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 01:04 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 01:04 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 01:04 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 01:04 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 01:04 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 01:04 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 01:04 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 01:04 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 01:04 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 01:04 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 01:04 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 01:04 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 01:04 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 01:04 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 01:04 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 01:04 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 01:04 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 01:04 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 01:04 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 01:04 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 01:04 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 01:04 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 01:04 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 01:03 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 01:03 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 01:03 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 01:03 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 01:03 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 01:03 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 01:03 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 01:03 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 22:12 - 2015-02-10 22:12 - 00000000 ____D () C:\Users\BR\AppData\Local\{92B9E4D4-8F95-42D5-B2E2-9A013AB4EE59}
2015-02-10 10:03 - 2015-02-10 10:03 - 00000000 ____D () C:\Users\BR\AppData\Local\{A28C6689-7772-4F4E-ACD9-62412926CB42}
2015-02-09 14:42 - 2015-02-09 14:42 - 00000000 ____D () C:\Users\BR\AppData\Local\{E111BEF7-C554-4E9B-A16B-9537C68EB119}
2015-02-09 02:41 - 2015-02-09 02:41 - 00000000 ____D () C:\Users\BR\AppData\Local\{BFEDE210-B4E5-4103-BF56-FEB3986F37E2}
2015-02-09 02:14 - 2015-02-09 02:14 - 00000000 ____D () C:\Users\BR\AppData\Local\{349DEFEA-A7EA-46E5-A0F4-1DAA528812B4}
2015-02-08 23:44 - 2015-02-08 23:44 - 00000000 ____D () C:\Users\BR\AppData\Local\{9C56D43B-15DC-4E6B-BF6C-DBECEAE0E458}
2015-02-08 10:20 - 2015-02-08 10:21 - 00000000 ____D () C:\Users\BR\AppData\Local\{D3B70658-7302-4BA8-B54E-5B2785E275A5}
2015-02-07 10:20 - 2015-02-07 10:20 - 00000000 ____D () C:\Users\BR\AppData\Local\{0D1F1F76-E852-4085-8BC6-96C4CC5329BE}
2015-02-07 08:35 - 2015-02-07 08:35 - 00000000 ____D () C:\Users\BR\AppData\Local\{F06CF5F3-ECD6-4DD0-8299-78F0AF90DD45}
2015-02-06 10:40 - 2015-02-06 10:40 - 01055936 _____ (Adobe) C:\Users\BR\Desktop\install_flashplayer16x32_mssd_aaa_aih.exe
2015-02-06 09:51 - 2015-02-06 09:51 - 00000000 ____D () C:\Users\BR\AppData\Local\{26BF73D4-1763-49F2-B3BB-A259E751C13F}
2015-02-05 13:06 - 2015-02-05 13:06 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-05 13:06 - 2015-02-05 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-05 13:06 - 2015-02-05 13:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-05 13:06 - 2015-02-05 13:06 - 00000000 ____D () C:\Program Files\iTunes
2015-02-05 13:06 - 2015-02-05 13:06 - 00000000 ____D () C:\Program Files\iPod
2015-02-05 13:06 - 2015-02-05 13:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-05 08:16 - 2015-02-05 08:16 - 00000000 ____D () C:\Users\BR\AppData\Local\{D1744F10-68BB-4F03-9A64-5516B3413E01}
2015-02-04 13:26 - 2015-02-04 13:26 - 00000000 ____D () C:\Users\BR\AppData\Local\{4BAB5A7F-304F-467E-932F-B28B354467EA}
2015-02-04 11:09 - 2015-02-04 11:09 - 00000000 ____D () C:\Users\BR\AppData\Local\{D0C865D8-C734-47F1-9F87-736FDAB1888F}
2015-02-04 07:50 - 2015-02-04 07:50 - 00000000 ____D () C:\Users\BR\AppData\Local\{5732FD4A-4915-4283-B864-FDB3DFEFEC55}
2015-02-03 18:56 - 2015-02-03 18:56 - 00000000 ____D () C:\Users\BR\AppData\Local\{A3DF8B11-E9D5-47F0-9AEF-BB0D2BE55321}
2015-02-03 06:36 - 2015-03-03 08:32 - 00009715 _____ () C:\Users\BR\Documents\MX INV.2.xlsx
2015-02-03 06:18 - 2015-03-03 08:34 - 00009657 _____ () C:\Users\BR\Documents\mx inv.1.xlsx
2015-02-03 04:29 - 2015-02-03 04:29 - 00000000 ____D () C:\Users\BR\AppData\Local\{83DFCC95-DBE0-4C60-AEAF-5BC00B5D569B}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 15:56 - 2012-04-18 07:43 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Skype
2015-03-05 15:39 - 2012-04-13 07:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 15:37 - 2014-05-02 18:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-05 10:26 - 2012-03-13 05:12 - 01597010 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 02:17 - 2012-04-01 10:22 - 00185288 _____ () C:\Users\BR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-05 02:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-05 02:08 - 2014-09-04 15:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 02:00 - 2012-04-01 19:31 - 00000000 ____D () C:\Users\BR\AppData\Local\Adobe
2015-03-05 01:50 - 2013-08-21 07:20 - 00000691 _____ () C:\Users\BR\Desktop\Revo Uninstaller.lnk
2015-03-05 00:53 - 2014-05-13 18:36 - 00000000 ____D () C:\Program Files (x86)\TradeManager
2015-03-05 00:52 - 2014-09-07 16:27 - 00000000 ____D () C:\Users\BR\.gimp-2.8
2015-03-05 00:50 - 2014-09-07 16:32 - 00000000 ____D () C:\Users\BR\AppData\Local\gtk-2.0
2015-03-05 00:48 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 00:48 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 00:45 - 2013-08-21 07:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-05 00:40 - 2014-11-20 08:35 - 00000000 ___RD () C:\Users\BR\iCloudDrive
2015-03-05 00:40 - 2014-02-11 22:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-05 00:38 - 2014-05-02 18:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 00:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 23:35 - 2012-03-13 04:33 - 00000000 ____D () C:\Users\BR\Documents\dvd
2015-03-04 18:05 - 2014-11-02 22:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 17:50 - 2009-12-17 11:55 - 00000000 ____D () C:\Windows\Panther
2015-03-04 16:58 - 2014-11-11 09:56 - 00000000 ____D () C:\ProgramData\WinZip
2015-03-03 17:12 - 2013-10-15 06:48 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-03 05:17 - 2012-03-13 04:24 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 13:26 - 2012-05-05 16:39 - 00000000 ____D () C:\Users\BR\AppData\Local\Google
2015-02-27 19:11 - 2013-08-07 07:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 19:11 - 2012-04-26 05:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-23 10:19 - 2009-07-13 21:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 09:31 - 2012-04-18 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
2015-02-23 01:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-19 23:20 - 2012-04-01 09:08 - 00163456 _____ () C:\Users\bcom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 23:20 - 2012-04-01 09:08 - 00001415 _____ () C:\Users\bcom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-19 16:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-19 16:42 - 2012-03-13 05:43 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-19 16:23 - 2009-12-17 12:12 - 00000000 ____D () C:\Program Files (x86)\hp
2015-02-16 14:31 - 2014-07-22 14:10 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 14:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-12 06:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 03:32 - 2009-07-13 20:45 - 00626800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:12 - 2012-03-13 15:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 03:10 - 2012-04-26 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 03:10 - 2012-03-13 05:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 03:10 - 2012-03-13 05:43 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 03:10 - 2012-03-13 05:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 03:09 - 2013-08-16 11:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:03 - 2012-03-14 08:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 23:47 - 2012-04-18 07:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-10 23:47 - 2012-04-18 07:42 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 10:42 - 2012-04-13 07:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 10:42 - 2012-04-13 07:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 10:42 - 2012-03-16 00:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 13:06 - 2014-11-15 16:08 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-09-09 15:27 - 2014-09-09 15:30 - 0000000 _____ () C:\Users\BR\AppData\Roaming\bibstats
2014-10-27 08:16 - 2014-11-13 19:01 - 0000308 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.Exception.log
2014-10-27 08:09 - 2014-11-28 09:44 - 0004042 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-10-27 08:16 - 2014-11-13 19:01 - 0000308 _____ () C:\Users\BR\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-11 10:57 - 2014-11-11 10:57 - 0000044 _____ () C:\Users\BR\AppData\Roaming\WB.CFG
2014-10-27 09:02 - 2014-10-27 09:02 - 0009728 _____ () C:\Users\BR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-09 10:57 - 2014-09-09 10:57 - 0005021 _____ () C:\Users\BR\AppData\Local\recently-used.xbel
2012-06-07 20:09 - 2012-06-07 20:09 - 0000000 _____ () C:\Users\BR\AppData\Local\Temptable.xml
2012-09-23 13:15 - 2012-09-23 13:15 - 0137289 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
2012-09-23 13:15 - 2012-09-23 13:15 - 0132486 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
2012-09-23 13:15 - 2012-09-23 13:15 - 0132533 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
2012-09-23 13:15 - 2012-09-23 13:15 - 0003890 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 0121078 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.0
2012-10-03 17:21 - 2012-10-03 17:21 - 0044248 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
2012-10-03 17:18 - 2012-10-03 17:18 - 0112551 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.0
2012-10-03 17:18 - 2012-10-03 17:18 - 0040181 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 0115714 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.0
2012-10-03 17:21 - 2012-10-03 17:21 - 0038427 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 0134269 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.0
2012-10-03 17:22 - 2012-10-03 17:22 - 0049466 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 0135858 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.0
2012-10-03 17:22 - 2012-10-03 17:22 - 0050685 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.1
2012-10-03 17:22 - 2012-10-03 17:22 - 0050520 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
2012-10-03 17:23 - 2012-10-03 17:23 - 0136857 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.0
2012-10-03 17:23 - 2012-10-03 17:23 - 0049261 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.1
2012-10-03 17:23 - 2012-10-03 17:23 - 0049486 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
2012-08-22 15:05 - 2012-08-22 15:05 - 0006400 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
2012-08-22 15:05 - 2012-08-22 15:05 - 0001969 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
2014-09-04 10:40 - 2014-09-04 10:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-13 06:52 - 2014-07-22 14:04 - 0003834 _____ () C:\ProgramData\hpzinstall.log
2012-03-13 17:47 - 2012-12-22 17:06 - 0000173 _____ () C:\ProgramData\LockFilePath.ini
2012-12-02 12:08 - 2012-12-02 12:08 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\bcom\AppData\Local\Temp\Package_en_ww.exe
C:\Users\BR\AppData\Local\Temp\0BF38EF9-CCE2-52B1-5DF2-7511A6B22A52.exe
C:\Users\BR\AppData\Local\Temp\0kAI4GMlBl.exe
C:\Users\BR\AppData\Local\Temp\37858A5A-1915-6035-0BD3-E36287BF2F27.dll
C:\Users\BR\AppData\Local\Temp\37858A5A-1915-6035-0BD3-E36287BF2F27.exe
C:\Users\BR\AppData\Local\Temp\besB231.exe
C:\Users\BR\AppData\Local\Temp\besB3D6.exe
C:\Users\BR\AppData\Local\Temp\besE552.exe
C:\Users\BR\AppData\Local\Temp\besE571.exe
C:\Users\BR\AppData\Local\Temp\GfA2hLhqxy.exe
C:\Users\BR\AppData\Local\Temp\nI2xvt0TuR.exe
C:\Users\BR\AppData\Local\Temp\SSClientUp.exe
C:\Users\BR\AppData\Local\Temp\supoptsetup.exe
C:\Users\BR\AppData\Local\Temp\xoaHtueSip.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 04:03

==================== End Of Log ============================

My addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by BR at 2015-03-05 15:56:41
Running from C:\Users\BR\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
AliIM Plugins for Browser (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
AliSetup 0.1.0.52 (HKLM-x32\...\AliSetup) (Version: 0.1.0.52 - °¢Àï°Í°Í£¨Öйú£©ÓÐÏÞ¹«Ë¾)
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2011 - English (HKLM\...\AutoCAD 2011 - English) (Version: 18.1.49.0 - Autodesk)
AutoCAD 2011 - English (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP Free Download Packages (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\CDBurnerXP Free Download Packages) (Version:  - ) <==== ATTENTION
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photobucket Desktop (HKLM-x32\...\{D0916F1D-236D-4B9A-BCEA-F535444DCA41}) (Version: 1.0.3.1552 - Photobucket)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SewArt (HKLM\...\{9FC78FFB-FDEE-401F-9C59-C955C622BDD3}) (Version: 1.6.7 - S & S Computing)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SmoothDraw version 4.0.5 (HKLM-x32\...\SmoothDraw_is1) (Version: 4.0.5 - )
SMPIS (HKLM-x32\...\{999052D7-44A2-49F8-9851-A3D2D297EE03}) (Version: 29.00.000 - Merry Mechanization Inc.)
SolidWorks 2011 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20110-40200-1100-100) (Version: 19.2.0.49 - SolidWorks Corporation)
SolidWorks 2011 x64 Edition SP02 (Version: 19.120.49 - SolidWorks) Hidden
SolidWorks eDrawings 2011 SP02 (HKLM-x32\...\{67C6633B-5A12-4955-A5E4-98D703F9AFA3}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.)
SolidWorks eDrawings 2011 x64 Edition SP02 (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2011 SP02 (HKLM-x32\...\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}) (Version: 19.20.49 - SolidWorks Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SQLAnywhere1000 (HKLM-x32\...\{349E9132-5101-4094-859E-0EEE6F3DDCD5}) (Version: 10.1.4157 - Merry Mechanization Inc)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TradeManager 2011 SP2 (HKLM-x32\...\TradeManager 2011 SP2) (Version:  - Alisoft)
TradeManager 2014 Beta1 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2011\acadficn.dll (Autodesk, Inc.)

==================== Restore Points  =========================

25-02-2015 03:00:14 Windows Update
28-02-2015 03:29:09 Windows Update
03-03-2015 07:56:33 Removed WinZip 19.0
03-03-2015 15:49:16 Windows Update
04-03-2015 23:39:42 Installed SewArt
05-03-2015 00:31:46 Revo Uninstaller's restore point - Fotor 2.0.0
05-03-2015 02:08:24 Microsoft Visual Studio Tools for Applications 2012

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-01-25 06:35 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BF9635-66CA-4DFC-A11F-93B3344BB30B} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {01B68D52-81A4-4E5D-A008-EBE7A5E1D7A8} - System32\Tasks\AdobeAAMUpdater-1.0-BRIAN-PC-BR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {02C67267-8551-4C1C-B7DA-63EA28A6B54E} - \SpeeditUp Update No Task File <==== ATTENTION
Task: {137B4BA2-DE24-4F80-BC1F-179956948A9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {19835642-4FB1-409E-B1C8-8C8DAB245E33} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {261C88CB-C0A6-449C-8B7E-520CB4278507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2761B74C-FF47-4ABC-B888-2B671AC244E5} - System32\Tasks\{A5D314F0-456F-4CB4-B01B-01065EE19CB7} => pcalua.exe -a E:\setup.exe -d E:\
Task: {2A5E94B0-88B5-4A7C-AE52-03F3C01C221B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {379D608C-0688-4B10-B21D-50B5B2A22E4F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {3FEB099C-1396-4994-BCD8-9335686FEAE1} - System32\Tasks\{3B22DB93-5D1E-4887-A309-936490D348AA} => C:\Program Files (x86)\TradeManager\AliIM.exe [2014-12-29] (Alibaba (China) Co., Ltd.)
Task: {4B06D158-F426-4D63-842D-A8D695E38F5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {58044AB4-8524-4227-9073-AAA8DF62A596} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {6937A1AC-3E01-4BF9-B20F-503455F33CE2} - System32\Tasks\{EE7250D0-13DD-4831-92FA-5FF718F977CD} => C:\Program Files (x86)\TradeManager\AliIM.exe [2014-12-29] (Alibaba (China) Co., Ltd.)
Task: {6AB5DF9B-167C-4E53-B5F8-EC132C9AB8CD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7016C1DA-8A0A-4266-A065-4ECEF51B751B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {76BFAC61-5025-4C95-9233-B223F5F3731E} - System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {786E9D0A-E3FE-465E-BC0D-620FE1DFB271} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {78C2A66C-9EA8-4576-B521-87A652EFB47E} - \avayvaxvaa No Task File <==== ATTENTION
Task: {80747828-AE28-4142-B594-2A8E87EF8F5F} - System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {85F928BF-474B-410C-955F-9BC4A5E814AE} - System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => pcalua.exe -a "C:\Program Files (x86)\MMI\MachineDriverInstaller.exe" -d C:\Users\BRIAN\Desktop -c C:\Users\BRIAN\Desktop\second-house.DXF
Task: {9A3CE333-775C-4F78-992D-AA2801A46B4E} - System32\Tasks\{6F7F92BF-441E-4C9E-852D-876D6730FB99} => pcalua.exe -a L:\AutoCAD_2011_English_Win_64bit.exe -d L:\
Task: {9E7B5155-9C08-45C9-9779-27D04278AC5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A1ADD4D7-6035-4698-926B-41161C68C3CE} - \LuckyTab No Task File <==== ATTENTION
Task: {A478F95E-3FEA-4AA2-9564-F616630E60FB} - System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => pcalua.exe -a "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data\setup.exe" -d "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data"
Task: {AB93CB62-09D3-4CB8-A69A-DD87F1BF9463} - System32\Tasks\RPC => C:\Program Files (x86)\Regprocleaner\Regprocleaner.exe
Task: {AD73D1BF-E8BA-44CE-992E-38F1BF19BF40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BC023B06-0D54-426A-B5F9-A28527102E43} - System32\Tasks\{349F7917-DF9C-433B-BD70-8DF9498AE672} => pcalua.exe -a C:\Windows\Installer\{4F113377-0BA1-4552-9ABB-9BF220FAF132}\i386_SldWorks.exe -d "C:\Program Files (x86)\Mozilla Firefox" -c C:\Users\BR\AppData\Local\Temp\car-trailer-tilt-deck.snapshot.1-1.zip
Task: {BEBB79F8-7713-4DBF-9FF9-0BA8E1E28A44} - System32\Tasks\{992C1360-B7C4-4ED1-9082-8E159FCB82C3} => pcalua.exe -a C:\Users\BR\Downloads\setup.exe -d C:\Users\BR\Downloads
Task: {DD268EF9-0389-4933-BB76-5200E5670973} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E58DB626-EECF-4E0B-B279-CE49CB629190} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E9277419-9C0E-48AE-95EB-A2908B59EB8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EB9802D6-15A7-4ACD-B627-BED4322F44A9} - System32\Tasks\Update Service HitsBlender => C:\Program Files (x86)\HitsBlenderUpdater\HitsBlenderUpdater.exe
Task: {EFBFF8D6-C539-4881-9214-7E4BE60C3988} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-07-30] (Microsoft)
Task: {FF68EC2C-3B0C-4266-A221-56BDB11B6623} - System32\Tasks\{9F1E4A2B-AEA4-4565-A49A-E488006A3FAF} => pcalua.exe -a C:\Users\BR\Downloads\Mach3Version3.043.066.exe -d C:\Users\BR\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-15 12:55 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-02 13:07 - 2015-03-02 13:07 - 00103424 _____ () C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp
2015-03-02 13:07 - 2015-03-02 13:07 - 00114176 _____ () C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-10-22 18:50 - 2009-10-22 18:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-12-29 21:24 - 2014-12-29 21:24 - 00037368 _____ () C:\Program Files (x86)\TradeManager\rv2log.dll
2014-12-29 21:24 - 2014-12-29 21:24 - 00321528 _____ () C:\Program Files (x86)\TradeManager\rv2core.dll
2014-12-29 21:23 - 2014-12-29 21:23 - 00280056 _____ () C:\Program Files (x86)\TradeManager\pcre.dll
2014-12-28 19:30 - 2014-12-28 19:30 - 01554888 _____ () C:\Program Files (x86)\TradeManager\LIBEAY32.dll
2014-12-29 21:24 - 2014-12-29 21:24 - 00368120 _____ () C:\Program Files (x86)\TradeManager\rv2archive.dll
2014-12-28 19:30 - 2014-12-28 19:30 - 00322376 _____ () C:\Windows\SysWow64\aliedit\aliedit.dll
2014-12-29 21:24 - 2014-12-29 21:24 - 00457208 _____ () C:\Program Files (x86)\TradeManager\uacagent.dll
2014-12-28 19:30 - 2014-12-28 19:30 - 00072192 _____ () C:\Program Files (x86)\TradeManager\zlibwapi.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-11-23 16:20 - 2014-08-26 17:47 - 01491968 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-23 16:20 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-02-06 10:42 - 2015-02-06 10:42 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-998330651-303224156-1059126384-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.16 - 64.59.150.132

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-998330651-303224156-1059126384-500 - Administrator - Disabled)
bcom (S-1-5-21-998330651-303224156-1059126384-1003 - Administrator - Enabled) => C:\Users\bcom
BR (S-1-5-21-998330651-303224156-1059126384-1004 - Administrator - Enabled) => C:\Users\BR
BRIAN (S-1-5-21-998330651-303224156-1059126384-1000 - Administrator - Enabled) => C:\Users\BRIAN
Guest (S-1-5-21-998330651-303224156-1059126384-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 03:40:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x794
Faulting application start time: 0xSewArt.exe0
Faulting application path: SewArt.exe1
Faulting module path: SewArt.exe2
Report Id: SewArt.exe3

Error: (03/05/2015 03:34:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0150010
Fault offset: 0x000000000006f822
Faulting process id: 0x111c
Faulting application start time: 0xSewArt.exe0
Faulting application path: SewArt.exe1
Faulting module path: SewArt.exe2
Report Id: SewArt.exe3

Error: (03/05/2015 03:34:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Faulting module name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Exception code: 0xc0000005
Fault offset: 0x0000000000041696
Faulting process id: 0x111c
Faulting application start time: 0xSewArt.exe0
Faulting application path: SewArt.exe1
Faulting module path: SewArt.exe2
Report Id: SewArt.exe3

Error: (03/05/2015 03:29:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0150010
Fault offset: 0x000000000006f822
Faulting process id: 0x1658
Faulting application start time: 0xSewArt.exe0
Faulting application path: SewArt.exe1
Faulting module path: SewArt.exe2
Report Id: SewArt.exe3

Error: (03/05/2015 03:28:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Faulting module name: SewArt.exe, version: 1.6.7.0, time stamp: 0x519f98a6
Exception code: 0xc0000005
Fault offset: 0x0000000000030f8d
Faulting process id: 0x1658
Faulting application start time: 0xSewArt.exe0
Faulting application path: SewArt.exe1
Faulting module path: SewArt.exe2
Report Id: SewArt.exe3

Error: (03/05/2015 01:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoScissors.exe, version: 0.0.0.0, time stamp: 0x5432cf2c
Faulting module name: PhotoScissors.exe, version: 0.0.0.0, time stamp: 0x5432cf2c
Exception code: 0x40000015
Fault offset: 0x00000000008195ba
Faulting process id: 0xc94
Faulting application start time: 0xPhotoScissors.exe0
Faulting application path: PhotoScissors.exe1
Faulting module path: PhotoScissors.exe2
Report Id: PhotoScissors.exe3

Error: (03/05/2015 00:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (03/04/2015 00:00:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/04/2015 00:00:08 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (03/03/2015 07:55:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.0.5531, time stamp: 0x54eb029a
Faulting module name: mozalloc.dll, version: 36.0.0.5531, time stamp: 0x54eaf3b7
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x7fc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (03/05/2015 00:48:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (03/05/2015 00:48:48 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/05/2015 00:44:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (03/05/2015 00:43:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (03/05/2015 00:39:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/05/2015 00:39:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (03/05/2015 00:39:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (03/05/2015 00:05:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (03/04/2015 05:56:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (03/04/2015 05:52:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-02 13:14:51.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:14:51.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:14:50.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:14:50.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:13:30.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:13:30.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:13:29.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:13:29.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:13:28.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-02 13:13:28.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 7133.18 MB
Available physical RAM: 3880.35 MB
Total Pagefile: 14264.55 MB
Available Pagefile: 11358.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.39 GB) (Free:749.58 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi Rusty2

Thanks for the logs. :) I am analysing these and will get back to you as soon as possible once my fix is approved.

I have a question.

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

Have you or a system administrator knowingly set a proxy server on Internet Explorer?

Please answer my question in your next post.

Many thanks.


  • 0

#5
RUSTY2

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Hi, no, I have no idea what that is.


  • 0

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi Rusty2

My fix is with my instructor, so I will hopefully get back to you fairly soon.

Cheers


  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Rusty2.

Apologies for the delay. There was a misunderstanding with my instructor on my part.

Here are my next steps for you.

Step1 - Remove Programs

Please uninstall the following unwanted programs:

BubbleSound
CDBurnerXP Free Download Packages
PepperZip
RegProCleaner
Super Optimizer

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
  • Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
  • In the list of installed programs locate and click on the program to uninstall e.g. BubbleSound.
  • Click uninstall.
  • Repeat the above steps for all the other programs to remove.

Step2 - FRST fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Step3 - Junkware Removal Tool

Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus program prior to running this program. Please see here if you are unsure on how to do this.

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.

Things for your next post:
  • Fixlog.txt
  • JRT.txt log

  • 0

#8
RUSTY2

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

When I was downloading the Junkware Removal Tool, Firefox stopped working and now it seems that my computer home page was lost for some reason?

fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 01
Ran by BR at 2015-03-08 05:33:40 Run:1
Running from C:\Users\BR\Desktop
Loaded Profiles: BR (Available profiles: BRIAN & bcom & BR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
() C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp
() C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs
R2 cehufofi; C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp [103424 2015-03-02] () [File not signed]
R2 xeqomesu; C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs [X]
2015-03-02 13:07 - 2015-03-02 13:07 - 00103424 _____ () C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp
2015-03-02 13:07 - 2015-03-02 13:07 - 00114176 _____ () C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs
C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
C:\Program Files\BubbleSound
ShortcutTarget: superpc_soft_partner.lnk -> C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}\superpc_soft_partner.exe (Super PC Tools Ltd)
Startup: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\superpc_soft_partner.lnk
2015-03-02 13:08 - 2015-03-02 13:08 - 00003236 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
Task: {00BF9635-66CA-4DFC-A11F-93B3344BB30B} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
2015-03-02 13:14 - 2015-03-02 13:14 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-03-02 13:03 - 2015-03-02 13:20 - 00000000 ____D () C:\Program Files (x86)\Regprocleaner
2015-03-02 13:03 - 2015-03-02 13:03 - 00003072 _____ () C:\Windows\System32\Tasks\RPC
Task: {AB93CB62-09D3-4CB8-A69A-DD87F1BF9463} - System32\Tasks\RPC => C:\Program Files (x86)\Regprocleaner\Regprocleaner.exe
2015-03-02 13:03 - 2015-03-02 13:03 - 00000981 _____ () C:\Users\BRIAN\Desktop\PepperZip.lnk
2015-03-02 13:03 - 2015-03-02 13:03 - 00000981 _____ () C:\Users\bcom\Desktop\PepperZip.lnk
2015-03-02 13:03 - 2015-03-02 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-03-02 13:03 - 2015-03-02 13:03 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-02 13:03 - 2015-02-02 07:42 - 04686848 ____N () C:\Windows\rcore.exe
2015-03-02 12:51 - 2015-03-02 12:51 - 00000000 ____D () C:\Users\BR\AppData\Roaming\SimpleFiles
2015-02-23 09:42 - 2015-02-23 09:42 - 00002950 _____ () C:\Windows\System32\Tasks\{3B22DB93-5D1E-4887-A309-936490D348AA}
2015-02-23 09:41 - 2015-02-23 09:41 - 00002950 _____ () C:\Windows\System32\Tasks\{EE7250D0-13DD-4831-92FA-5FF718F977CD}
2015-02-16 20:49 - 2015-02-16 20:49 - 00000000 ____D () C:\Users\BR\AppData\Roaming\IsolatedStorage
2015-02-16 20:49 - 2015-02-16 20:49 - 00000000 ____D () C:\Users\BR\AppData\Local\FileViewPro
2015-02-16 20:49 - 2015-02-16 20:49 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-16 20:47 - 2015-02-16 20:51 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Solvusoft
2015-02-16 20:47 - 2015-02-16 20:47 - 00000000 ____D () C:\Spacekace
2015-02-16 20:47 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-02-16 19:59 - 2015-02-16 20:02 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2015-02-16 19:59 - 2015-02-16 20:01 - 00000000 ____D () C:\Users\BR\AppData\Local\ExtractNow
2015-02-16 19:58 - 2015-03-02 14:31 - 00000000 ____D () C:\Users\BR\AppData\Roaming\BrowserExtensions
Task: {02C67267-8551-4C1C-B7DA-63EA28A6B54E} - \SpeeditUp Update No Task File <==== ATTENTION
Task: {78C2A66C-9EA8-4576-B521-87A652EFB47E} - \avayvaxvaa No Task File <==== ATTENTION
Task: {A1ADD4D7-6035-4698-926B-41161C68C3CE} - \LuckyTab No Task File <==== ATTENTION
2015-03-02 13:41 - 2015-03-02 13:41 - 00000000 ____D () C:\ProgramData\c2d5e0200004554
2015-03-02 13:01 - 2015-03-02 13:47 - 00000000 ____D () C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}
C:\Program Files (x86)\Super Optimizer
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53904;https=127.0.0.1:53904
FF DefaultSearchEngine: Trovi
cmd: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:


*****************

Restore point was successfully created.
[1424] C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp => Process closed successfully.
[3204] C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs => Process closed successfully.
cehufofi => Service deleted successfully.
xeqomesu => Service deleted successfully.
C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\jnsfE0CE.tmp => Moved successfully.
C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F\nsvACBE.tmpfs => Moved successfully.
C:\Users\BR\AppData\Roaming\BC6A47D4-1425301620-11DF-94BB-158251E1A54F => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value deleted successfully.
"C:\Program Files\BubbleSound" => File/Directory not found.
C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}\superpc_soft_partner.exe => Moved successfully.
C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\superpc_soft_partner.lnk => Moved successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00BF9635-66CA-4DFC-A11F-93B3344BB30B}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00BF9635-66CA-4DFC-A11F-93B3344BB30B}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key Deleted successfully.
C:\Windows\system32\Drivers\SPPD.sys => Moved successfully.
C:\Program Files (x86)\Regprocleaner => Moved successfully.
C:\Windows\System32\Tasks\RPC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB93CB62-09D3-4CB8-A69A-DD87F1BF9463}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB93CB62-09D3-4CB8-A69A-DD87F1BF9463}" => Key Deleted successfully.
C:\Windows\System32\Tasks\RPC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RPC" => Key Deleted successfully.
C:\Users\BRIAN\Desktop\PepperZip.lnk => Moved successfully.
C:\Users\bcom\Desktop\PepperZip.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip => Moved successfully.
C:\Program Files (x86)\predm => Moved successfully.
C:\Windows\rcore.exe => Moved successfully.
C:\Users\BR\AppData\Roaming\SimpleFiles => Moved successfully.
C:\Windows\System32\Tasks\{3B22DB93-5D1E-4887-A309-936490D348AA} => Moved successfully.
C:\Windows\System32\Tasks\{EE7250D0-13DD-4831-92FA-5FF718F977CD} => Moved successfully.
C:\Users\BR\AppData\Roaming\IsolatedStorage => Moved successfully.
C:\Users\BR\AppData\Local\FileViewPro => Moved successfully.
C:\ProgramData\IsolatedStorage => Moved successfully.
C:\Users\BR\AppData\Roaming\Solvusoft => Moved successfully.
C:\Spacekace => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
C:\Program Files (x86)\ExtractNow => Moved successfully.
C:\Users\BR\AppData\Local\ExtractNow => Moved successfully.
C:\Users\BR\AppData\Roaming\BrowserExtensions => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02C67267-8551-4C1C-B7DA-63EA28A6B54E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02C67267-8551-4C1C-B7DA-63EA28A6B54E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeeditUp Update" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78C2A66C-9EA8-4576-B521-87A652EFB47E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78C2A66C-9EA8-4576-B521-87A652EFB47E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvaxvaa" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1ADD4D7-6035-4698-926B-41161C68C3CE}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1ADD4D7-6035-4698-926B-41161C68C3CE}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key Deleted successfully.
C:\ProgramData\c2d5e0200004554 => Moved successfully.

"C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}" directory move:

Could not move "C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030}" directory. => Scheduled to move on reboot.

"C:\Program Files (x86)\Super Optimizer" => File/Directory not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Firefox DefaultSearchEngine deleted successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C7D616ED-7C13-486D-B574-D2C87A70CBD5}.
{BA659E97-10C2-40E7-BDF9-6F8BB1E2CA19} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 769.2 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-08 05:39:36)<=

C:\ProgramData\{e464dc0c-3cba-5e51-e464-4dc0c3cb7030} => Moved successfully.

==== End of Fixlog 05:39:37 ====

 

jrt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by BR on 08/03/2015 at  6:00:45.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2015 at  6:04:15.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#9
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi Rusty2

"the Firefox stopped working and now it seems that my computer home page was lost for some reason?"

Sorry, can you just clarify.

Is your Firefox working ok?

What computer home page is lost? Do you mean the Firefox browser home page or something else?

Thanks


  • 0

#10
RUSTY2


    Member

  • Topic Starter
  • Member
  • 164 posts

No, it is working, it is just different, and it seems it put some old Firefox files onto my desktop. When I ran the last program I had a message come up (Plugin Container for Firefox has stopped working). But I changed the browser back to Google and it seems to be working and the popups are not coming up.


  • 0



#11
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Rusty2

Thanks for clarifying the position. If there are still some issues with your Firefox we can do a reset at the end.

Here are the next steps I want you to do.

Step 1 - Run AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the AdwCleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open
  • Please copy/paste the generated log to your next reply

Step 2 - Malwarebytes
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the green Scan Now button.
  • If threats are detected click on Apply actions, the program will ask to reboot the machine.
  • Click Yes.
  • On completion of the scan (or after the reboot) select View Detailed Log

  • Click on Export Button, select Text File, give it the name MBAM Log and save the log to your Desktop.
  • Copy and Paste the contents of the log in your next reply.

Things for your next post:
  • AdwCleaner[S*].txt
  • MBAM log

  • 0

#12
RUSTY2


    Member

  • Topic Starter
  • Member
  • 164 posts

Had a little problem: downloaded AdwCleaner, the log was in my notebook, then ran Malwarebytes, but when it rebooted I lost the AdwCleaner log, so I reran it here.

Now for the Malwarebytes: ran it, but on my trial version there is no View Detailed Log button. I can see some files when I go to the quarantine section but can't copy them, and it did not produce a log?

 

# AdwCleaner v4.112 - Logfile created 10/03/2015 at 10:41:23
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : BR - BRIAN-PC
# Running from : C:\Users\BR\Downloads\AdwCleaner(2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [2384 bytes] - [09/03/2015 16:22:18]
AdwCleaner[R1].txt - [2446 bytes] - [09/03/2015 16:28:51]
AdwCleaner[R2].txt - [952 bytes] - [10/03/2015 10:39:02]
AdwCleaner[S0].txt - [2462 bytes] - [09/03/2015 16:30:36]
AdwCleaner[S1].txt - [880 bytes] - [10/03/2015 10:41:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [938  bytes] ##########
 


  • 0

#13
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi Rusty2

No worries. :) 

I would like to look at the AdwCleaner report run earlier.

  • The AdwCleaner logs are located in the C:\AdwCleaner folder. Browse to the AdwCleaner folder and locate the log file called AdwCleaner[S0].txt. This was the one run on the 9/3/15 at 16:30.
  • Please copy and paste this log into your next reply.

For Malwarebytes - try this again to get the log.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
  • Choose the latest Scan Log, and click on the View button:
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

  • 0
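Anyone triaging pasted AdwCleaner reports can confirm which report they are reading from the `# Option` header and the `[R#]`/`[S#]` file name in the EOF line, then group the findings by section. The Python sketch below is an added example, not part of the original thread or of AdwCleaner itself; the sample report and the `ExampleAdware` names are constructed, and the mapping of R to scan reports and S to cleaning reports is an assumption drawn from the logs quoted in this thread.

```python
import re

# Constructed sample in the layout of the AdwCleaner v4 reports quoted in this thread.
SAMPLE = r"""# AdwCleaner v4.112 - Logfile created 09/03/2015 at 16:28:51
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\ExampleAdware

***** [ Registry ] *****
Key Found : HKCU\Software\ExampleAdware
Key Found : [x64] HKCU\Software\ExampleAdware

***** [ Web browsers ] *****
-\\ Mozilla Firefox v36.0.1 (x86 en-US)

*************************
AdwCleaner[R1].txt - [2296 bytes] - [09/03/2015 16:28:51]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2355 bytes] ##########
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
OPTION = re.compile(r"^# Option : (\w+)")
EOF = re.compile(r"^#+ EOF - (.+?\\AdwCleaner\[([RS])\d+\]\.txt) - ")

def parse_adwcleaner(text):
    """Return header option, report file/kind and findings grouped by section."""
    report = {"option": None, "file": None, "kind": None, "sections": {}}
    current = None
    for line in map(str.strip, text.splitlines()):
        if m := OPTION.match(line):
            report["option"] = m.group(1)
        elif m := SECTION.match(line):
            current = report["sections"].setdefault(m.group(1), [])
        elif m := EOF.match(line):
            report["file"] = m.group(1)
            # Assumption from this thread's logs: R = scan report, S = cleaning report.
            report["kind"] = {"R": "scan", "S": "clean"}[m.group(2)]
        elif line and set(line) == {"*"}:
            current = None  # separator row: what follows is the report index, not findings
        elif line and current is not None and not line.startswith("-\\\\"):
            current.append(line)  # browser header rows ("-\\ ...") are skipped
    return report

def is_cleaning_report(report):
    """True only if header option and file name both indicate a cleaning run."""
    return report["option"] == "Cleaning" and report["kind"] == "clean"
```

Running `parse_adwcleaner` on a pasted log and checking `is_cleaning_report` shows at a glance whether the text is the `[S#]` cleaning report that was requested or an `[R#]` scan report.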

#14
RUSTY2


    Member

  • Topic Starter
  • Member
  • 164 posts

# AdwCleaner v4.112 - Logfile created 09/03/2015 at 16:28:51
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : BR - BRIAN-PC
# Running from : C:\Users\BR\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\HitsBlender
Folder Found : C:\Users\BR\AppData\Local\HitsBlender

***** [ Scheduled tasks ] *****

Task Found : Update Service HitsBlender

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\SpeeditUp
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8b2978de-aea9-4f16-8da7-29babf714234}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b2978de-aea9-4f16-8da7-29babf714234}
Key Found : HKCU\Software\SimpleFiles
Key Found : HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\SimpleFiles
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\.
Key Found : HKLM\SOFTWARE\Classes\..9
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8b2978de-aea9-4f16-8da7-29babf714234}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8b2978de-aea9-4f16-8da7-29babf714234}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\SimpleFiles
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{8b2978de-aea9-4f16-8da7-29babf714234}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [2384 bytes] - [09/03/2015 16:22:18]
AdwCleaner[R1].txt - [2296 bytes] - [09/03/2015 16:28:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2355 bytes] ##########
 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 09/03/2015

Scan Time: 4:40:44 PM

Logfile:

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.03.09.06

Rootkit Database: v2015.02.25.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: BR

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 558256

Time Elapsed: 26 min, 15 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 4

PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [88218b973258df5738d68b1a29dab44c],

PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [dccd9b8797f32115f21c32739c672cd4],

PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [c8e1a082e8a2a88e33db4f5640c3ec14],

PUP.Optional.Shopperz.A, HKU\S-1-5-21-998330651-303224156-1059126384-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [cadf3ee4dab07db90608d0d512f149b7],

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • 0

#15
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Rusty2

Things are looking pretty good. Just a few more scans.

How's the computer behaving now? Are you still getting any of the pop-ups?

Step 1 - ESET Scan

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 2 - FRST scan
  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs (FRST.txt) & Addition.txt in the same directory the tool is run. Please copy and paste them in your reply.

Things for your next post:
  • How your computer is running?
  • ESET log.txt
  • FRST.txt
  • Addition.txt

  • 0





