OptimizerPro browser hijack

Started by jaycharles, April 05, 2016, 08:09:34 PM

jaycharles

I started using my son's laptop for a task and immediately started getting popups and being directed to different websites when
I went online.  I determined that Optimizer Pro was part of the problem and tried deleting it.  Not found in Control Panel/Add
Remove Programs.  Executed CCleaner, Spybot, Anti-malware, McAfee, Microsoft Essentials, and finally WinPatrol.  WinPatrol
got in a loop advising me it was dangerous to delete from registry.  Spybot listed the Optimizer entries but it advised me that
it failed in trying to delete them.  I was able to delete a related program - Websteroids - with Hiren's Linux CD.

Result of Security Analysis by Rocket Grannie (x86) version: 28th March 2016
Running from:C:\Users\user\Desktop (14:23:31 - 04/05/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X86 Service Pack 1
UAC is Enabled!
Internet Explorer 10.0.9200.17457 *Internet Explorer is out of Date*
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
***-----------------Anti-Virus - Firewall-------------------***
Microsoft Security Essentials Enabled - up to Date!
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 11.5.502.146) is *out of Date*
Adobe Flash Player ActiveX (version 21.0.0.197)
Microsoft Security Essentials (version 0)
Microsoft Silverlight -- An older version than '5' is installed.
Mozilla Firefox (version 45)
Windows Live Essentials (version 16.4)
WinPatrol (version 33.6)
Microsoft Silverlight (version 4.1.10111.0) is *out of Date*

***----------------Analysis Complete-------------------------***

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by user (administrator) on USER-PC (05-04-2016 14:16:32)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Bryan)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\Cuvlofnihu\1.0.1.0\jruiende.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Windows\System32\NILaunch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Cuvlofnihu\1.0.1.0\jruiende.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-16] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Net-It Launcher] => C:\Windows\system32\NILaunch.exe [24576 1998-02-05] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\MountPoints2: {3ab052b7-d054-11e2-b9c2-0ceee6f157a4} - E:\WINDOWS\FORD_BPN_CO-PILOT.EXE
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\MountPoints2: {cb4af9b8-f094-11e1-945d-806e6f6e6963} - D:\setup.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs:  c:\progra~1\optimi~1\optpro~1.dll => No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2016-04-05]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B9C81DAF-B24C-438A-B05F-E80A382AA37F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C981CF8C-C1B0-4D45-9E11-FA488B63064D}: [DhcpNameServer] 172.26.38.1 172.26.38.2

Internet Explorer:
==================
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2978064037-3219182367-2095597647-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2978064037-3219182367-2095597647-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} hxxp://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b0esouuz.default
FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll [2013-01-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll [2012-01-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b0esouuz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-05]
FF Extension: AdBlock Ultimate - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b0esouuz.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-04-03]
FF Extension: Video DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b0esouuz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-03]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe [221266 2009-07-16] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 Websteroids; "C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe" "C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe"

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6114816 2009-09-15] (Intel Corporation) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-09-19] (CACE Technologies, Inc.)
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S1 MpKsl8f071480; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F2EF6BA-A074-490E-AD91-38BD78340DB5}\MpKsl8f071480.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 14:16 - 2016-04-05 14:17 - 00012878 _____ C:\Users\user\Desktop\FRST.txt
2016-04-05 14:16 - 2016-04-05 14:16 - 00000000 ____D C:\FRST
2016-04-05 14:14 - 2016-04-05 13:51 - 00897536 _____ C:\Users\user\Desktop\RGSA.exe
2016-04-05 14:07 - 2016-04-05 13:51 - 00897536 _____ C:\Users\Default\RGSA.exe
2016-04-05 14:06 - 2016-04-05 13:44 - 01725440 _____ (Farbar) C:\Users\Default\FRST.exe
2016-04-05 14:05 - 2016-04-05 13:44 - 01725440 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2016-04-05 13:52 - 2016-04-05 13:52 - 00000000 ____D C:\2016softwr
2016-04-05 11:07 - 2016-04-05 11:07 - 00000000 ____D C:\ProgramData\InstallMate
2016-04-05 11:07 - 2016-04-05 11:07 - 00000000 ____D C:\Program Files\Ruiware
2016-04-05 09:56 - 2016-04-05 09:56 - 00000954 _____ C:\Users\user\Desktop\123w.exe - Shortcut.lnk
2016-04-03 16:04 - 2016-04-03 16:04 - 00001304 _____ C:\Users\user\Desktop\Notepad.lnk
2016-04-03 15:11 - 2016-04-03 15:11 - 00000000 ____D C:\Users\user\AppData\Local\Macromedia
2016-04-03 11:34 - 2016-04-03 11:34 - 00000000 ____D C:\Users\user\Documents\Reflect
2016-04-03 11:27 - 2016-04-03 11:27 - 00000058 _____ C:\Windows\Reflect.INI
2016-04-03 10:47 - 2016-04-05 14:00 - 00032013 _____ C:\Windows\wininit.ini
2016-04-03 10:38 - 2016-04-03 10:38 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2016-04-03 10:34 - 2016-04-03 12:25 - 00000000 ____D C:\ProgramData\Macrium
2016-04-03 10:23 - 2016-04-03 10:38 - 00002067 _____ C:\Users\user\Desktop\Reflect.lnk
2016-04-03 10:23 - 2016-04-03 10:23 - 00000000 ____D C:\Program Files\Macrium
2016-04-03 10:09 - 2016-04-03 10:09 - 00961664 _____ (Slimware Utilities, Inc.) C:\Users\user\Downloads\DriverUpdate-setup(1).exe
2016-04-03 10:08 - 2016-04-03 10:08 - 00961664 _____ (Slimware Utilities, Inc.) C:\Users\user\Downloads\DriverUpdate-setup.exe
2016-04-03 10:07 - 2016-04-03 10:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-03 10:07 - 2013-09-30 16:26 - 02881848 _____ C:\Windows\system32\pwNative.exe
2016-04-03 10:07 - 2013-09-30 16:26 - 00015688 ____N C:\Windows\system32\pwdrvio.sys
2016-04-03 10:06 - 2016-04-03 10:06 - 00001211 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2016-04-03 10:06 - 2016-04-03 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
2016-04-03 10:06 - 2016-04-03 10:06 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1
2016-04-03 10:06 - 2013-09-30 16:26 - 00010320 ____N C:\Windows\system32\pwdspio.sys
2016-04-03 10:01 - 2016-04-03 10:07 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2016-04-03 09:59 - 2016-04-05 14:03 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-03 09:59 - 2016-04-05 14:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-03 09:56 - 2016-04-03 10:47 - 00000000 ____D C:\Users\user\AppData\Local\SearchProtect
2016-04-03 09:56 - 2016-04-03 09:57 - 00000000 ____D C:\Users\user\AppData\Roaming\WinPatrol
2016-04-02 14:27 - 2016-04-02 14:27 - 00000000 ____D C:\ProgramData\Radio
2016-04-01 20:48 - 2016-04-01 20:49 - 00000000 ____D C:\AdwCleaner
2016-04-01 20:16 - 2016-04-01 21:17 - 00000000 ____D C:\Users\Bryan\dwhelper
2016-04-01 19:33 - 2016-04-05 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-04-01 19:33 - 2016-04-01 19:56 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\WinPatrol
2016-04-01 19:14 - 2016-04-01 19:14 - 00000000 ____D C:\ProgramData\Browser
2016-04-01 19:02 - 2016-04-01 21:14 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\vlc
2016-04-01 18:55 - 2016-04-01 18:59 - 00000000 ____D C:\Video
2016-04-01 16:48 - 2016-04-01 16:48 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Adobe
2016-04-01 16:48 - 2016-04-01 16:48 - 00000000 ____D C:\Users\Bryan\AppData\Local\Adobe
2016-04-01 15:58 - 2016-04-04 20:19 - 00000000 ____D C:\Users\Bryan\Documents\TurboTax
2016-04-01 15:57 - 2016-04-01 15:57 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Intuit
2016-04-01 15:57 - 2016-04-01 15:57 - 00000000 ____D C:\Users\Bryan\AppData\Local\IsolatedStorage
2016-04-01 15:51 - 2016-04-01 15:51 - 00000000 ____D C:\Program Files\Opera
2016-03-30 20:50 - 2016-03-30 20:50 - 00000000 ____D C:\Users\user\AppData\Local\IsolatedStorage
2016-03-30 20:49 - 2016-03-30 20:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Intuit
2016-03-30 20:48 - 2016-04-01 16:12 - 00000451 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-30 20:48 - 2016-03-30 20:48 - 00002501 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-03-30 20:48 - 2016-03-30 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-30 20:47 - 2016-03-30 20:47 - 00000000 ____D C:\Program Files\TurboTax
2016-03-30 20:47 - 2016-03-30 20:47 - 00000000 ____D C:\Program Files\Common Files\Intuit
2016-03-30 20:46 - 2016-03-30 20:47 - 00000000 ____D C:\ProgramData\Intuit
2016-03-30 20:36 - 2016-03-30 20:36 - 00001417 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-30 19:21 - 2016-03-30 21:02 - 00000000 ____D C:\Users\user\AppData\LocalLow\Adblock Plus for IE
2016-03-30 19:21 - 2016-03-30 19:21 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-03-30 19:06 - 2016-03-30 19:06 - 00001226 _____ C:\Users\user\Desktop\Revo Uninstaller.lnk
2016-03-30 19:06 - 2016-03-30 19:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-30 19:06 - 2016-03-30 19:06 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-30 18:59 - 2016-03-30 18:59 - 00000000 ____D C:\Users\Bryan\AppData\Local\Macromedia
2016-03-30 18:52 - 2016-03-30 18:52 - 00000000 ____D C:\Users\Bryan\AppData\Local\FreeCommanderXE
2016-03-30 18:51 - 2016-03-30 18:51 - 00001068 _____ C:\Users\Bryan\Desktop\FreeCommander XE.lnk
2016-03-30 18:40 - 2016-03-30 18:40 - 00003430 _____ C:\Users\Bryan\Downloads\wedstk.csv
2016-03-30 18:39 - 2016-03-30 18:40 - 00003430 _____ C:\Users\Bryan\Downloads\quotes(1).csv
2016-03-30 18:39 - 2016-03-30 18:39 - 00003430 _____ C:\Users\Bryan\Downloads\quotes.csv
2016-03-30 17:45 - 2016-03-30 17:45 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Malwarebytes
2016-03-30 17:09 - 2016-03-30 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-30 17:08 - 2016-03-30 17:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-30 17:04 - 2016-03-30 17:04 - 00000000 ____D C:\Windows\Temp43358385-BA8A-BDCF-6C97-B86BC6803984-Signatures
2016-03-30 16:58 - 2016-03-30 16:58 - 00000000 ____D C:\Users\Bryan\AppData\Local\Apple
2016-03-30 16:48 - 2016-03-30 16:48 - 00001050 _____ C:\Users\user\Desktop\FreeCommander XE.lnk
2016-03-30 16:48 - 2016-03-30 16:48 - 00000000 ____D C:\Users\user\AppData\Local\FreeCommanderXE
2016-03-30 16:48 - 2016-03-30 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE
2016-03-30 16:48 - 2016-03-30 16:48 - 00000000 ____D C:\Program Files\FreeCommander XE
2016-03-30 16:41 - 2016-03-30 18:41 - 00000000 ____D C:\Users\Bryan\AppData\Local\Mozilla
2016-03-30 16:41 - 2016-03-30 18:35 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Mozilla
2016-03-30 16:41 - 2016-03-30 16:41 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-30 16:41 - 2016-03-30 16:41 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-30 16:40 - 2016-03-30 16:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-30 16:40 - 2016-03-30 16:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-30 16:27 - 2016-03-30 16:27 - 14383616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 13774848 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 02865664 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-30 16:27 - 2016-03-30 16:27 - 02056704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-30 16:27 - 2016-03-30 16:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-03-30 16:27 - 2016-03-30 16:27 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-30 16:27 - 2016-03-30 16:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-03-30 16:27 - 2016-03-30 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-03-30 16:27 - 2016-03-30 16:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-03-30 16:27 - 2016-03-30 16:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-03-30 16:26 - 2016-03-30 16:26 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-03-30 16:26 - 2016-03-30 16:26 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-03-30 16:24 - 2016-03-30 16:24 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-03-30 16:22 - 2014-02-06 20:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-30 16:22 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-30 16:22 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-30 16:22 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-03-30 16:22 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-03-30 16:22 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-03-30 16:22 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2016-03-30 16:22 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-03-30 16:22 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-03-30 16:22 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2016-03-30 16:22 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-03-30 16:22 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-03-30 16:22 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2016-03-30 16:22 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2016-03-30 16:22 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-03-30 16:22 - 2013-10-03 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-03-30 16:22 - 2013-10-03 20:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-03-30 16:22 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-03-30 16:22 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-30 16:22 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-30 16:22 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-30 16:22 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-30 16:22 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-30 16:22 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-30 16:22 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-30 16:22 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-30 16:22 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-30 16:22 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-30 16:22 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-30 16:22 - 2013-07-12 05:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2016-03-30 16:22 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2016-03-30 16:22 - 2013-07-12 05:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2016-03-30 16:22 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-03-30 16:22 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-03-30 16:22 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-03-30 16:22 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-03-30 16:22 - 2013-07-02 23:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2016-03-30 16:22 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-03-30 16:22 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-03-30 16:22 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-03-30 16:22 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-30 16:22 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-30 16:22 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-30 16:22 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-30 16:22 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-30 16:22 - 2013-04-10 00:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-30 16:22 - 2012-11-28 17:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-03-30 16:22 - 2012-11-28 17:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-03-30 16:22 - 2012-11-28 17:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-03-30 16:20 - 2013-11-26 20:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-03-30 16:20 - 2013-11-26 20:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-30 16:19 - 2013-11-26 20:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-03-30 16:19 - 2013-11-26 20:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-03-30 16:19 - 2013-11-26 20:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-03-30 16:19 - 2013-11-26 20:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-03-30 16:19 - 2013-11-26 20:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-03-30 16:19 - 2012-10-31 23:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-03-30 16:18 - 2013-07-08 23:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-30 16:18 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-03-30 16:14 - 2013-02-27 00:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-30 16:14 - 2013-02-26 23:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-30 16:14 - 2013-02-26 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-30 16:12 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-30 16:12 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-30 16:12 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-30 16:12 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-30 16:12 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-30 16:12 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-30 16:12 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-30 16:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-30 16:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-30 16:08 - 2016-03-30 16:08 - 00302011 _____ C:\Users\Bryan\Downloads\WindowsUpdateDiagnostic.diagcab
2016-03-30 15:59 - 2016-03-30 15:59 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Macromedia
2016-03-30 15:59 - 2016-03-30 15:59 - 00000000 ____D C:\ProgramData\Cuvlofnihu
2016-03-30 15:58 - 2016-04-01 16:48 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Adobe
2016-03-30 15:57 - 2016-03-30 15:57 - 00001266 _____ C:\Users\Bryan\Desktop\Windows Update.lnk
2016-03-30 15:55 - 2016-03-30 15:55 - 00001304 _____ C:\Users\Bryan\Desktop\Notepad.lnk
2016-03-30 15:53 - 2016-03-30 15:53 - 01161080 _____ C:\Windows\system32\Websteroids.B324755F3F87.2.6.80.dll
2016-03-30 15:50 - 2016-03-30 15:50 - 00001230 _____ C:\Users\Bryan\Desktop\Calculator.lnk
2016-03-30 15:49 - 2016-03-30 21:15 - 00121416 _____ C:\Users\Bryan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-30 15:49 - 2016-03-30 15:49 - 00001417 _____ C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-30 15:49 - 2016-03-30 15:49 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Apple Computer
2016-03-30 15:48 - 2016-04-03 10:57 - 00000000 ____D C:\Users\Bryan
2016-03-30 15:48 - 2016-03-30 15:48 - 00000020 ___SH C:\Users\Bryan\ntuser.ini
2016-03-30 15:48 - 2016-03-30 15:48 - 00000000 _SHDL C:\Users\Bryan\My Documents
2016-03-30 15:48 - 2016-03-30 15:48 - 00000000 _SHDL C:\Users\Bryan\Documents\My Videos
2016-03-30 15:48 - 2016-03-30 15:48 - 00000000 _SHDL C:\Users\Bryan\Documents\My Pictures
2016-03-30 15:48 - 2016-03-30 15:48 - 00000000 _SHDL C:\Users\Bryan\Documents\My Music
2016-03-30 15:48 - 2016-03-30 15:48 - 00000000 ____D C:\Users\Bryan\AppData\Local\VirtualStore
2016-03-30 15:48 - 2013-01-27 00:44 - 00002062 _____ C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2016-03-30 15:48 - 2012-10-26 03:00 - 00000000 ____D C:\Users\Bryan\AppData\Local\Microsoft Help
2016-03-30 15:48 - 2011-04-11 21:24 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Media Center Programs
2016-03-30 15:46 - 2016-03-30 15:46 - 00001266 _____ C:\Users\user\Desktop\Windows Update.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 14:11 - 2009-07-13 23:34 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-05 14:11 - 2009-07-13 23:34 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-05 14:08 - 2010-11-20 16:01 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-05 14:08 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-04-05 14:04 - 2013-09-21 11:48 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-04-05 14:03 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-03 22:11 - 2015-03-11 19:26 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-03 18:51 - 2015-03-11 19:26 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2016-04-03 10:47 - 2014-03-30 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2016-04-03 10:47 - 2014-03-30 09:49 - 00000000 ____D C:\Program Files\SearchProtect
2016-04-03 10:01 - 2013-05-12 21:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2016-04-03 09:57 - 2012-08-28 11:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-03 09:57 - 2012-08-28 11:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-01 15:52 - 2012-08-27 18:15 - 00000000 ____D C:\Windows\Panther
2016-03-30 21:15 - 2009-07-13 23:33 - 00444920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-30 20:49 - 2012-08-28 08:33 - 00121416 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-30 20:40 - 2012-08-28 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-30 17:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-30 17:04 - 2012-08-28 11:10 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-30 17:04 - 2012-08-28 11:08 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-03-30 17:04 - 2012-08-28 11:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-03-30 16:52 - 2012-08-31 14:01 - 00000000 ____D C:\Program Files\Microsoft Works
2016-03-30 16:52 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-30 16:45 - 2009-07-13 21:04 - 00000478 _____ C:\Windows\win.ini
2016-03-30 16:11 - 2012-09-18 16:43 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-03-30 15:39 - 2009-07-13 23:53 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-10-31 19:14 - 2013-10-31 19:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-30 20:48 - 2016-04-01 16:12 - 0000451 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Default\FRST.exe
C:\Users\Default\RGSA.exe


Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\reflectPatch.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by user (2016-04-05 14:17:34)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-08-27 20:29:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2978064037-3219182367-2095597647-500 - Administrator - Disabled)
Bryan (S-1-5-21-2978064037-3219182367-2095597647-1004 - Limited - Enabled) => C:\Users\Bryan
Guest (S-1-5-21-2978064037-3219182367-2095597647-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2978064037-3219182367-2095597647-1003 - Limited - Enabled)
user (S-1-5-21-2978064037-3219182367-2095597647-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5300 series On-screen Manual (HKLM\...\Canon MG5300 series On-screen Manual) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.)
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
FreeCommander XE (HKLM\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6224.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lotus SmartSuite Release 9.5 (HKLM\...\SmartSuite V99.0) (Version:  - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}) (Version: 2.0.09 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.09 - O2Micro International LTD.) Hidden
PrintKey2000 (HKLM\...\PrintKey2000) (Version:  - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for Office 2007 (KB946691) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A420F522-7395-4872-9882-C591B4B92278}) (Version:  - Microsoft)
Video Converter (Version: 1 - SweetPacks) Hidden <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Websteroids (Version: 2.6.71 - Creative Island Media, LLC) Hidden <==== ATTENTION
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7AF9F845-468B-4192-AB02-4417ECBCDEA0} - System32\Tasks\{2A215AF6-61C1-448A-BC35-62A023BE16D6} => C:\Program Files\Yoics Inc\Remote Cameras\Remote Cameras .exe
Task: {85CE87F0-226F-4802-BE48-D841CCE8FA68} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E4BA001F-843E-4040-B3A8-389B64B5419D} - System32\Tasks\Cuvlofnihu => C:\ProgramData\Cuvlofnihu\1.0.1.0\jruiende.exe [2016-03-30] () <==== ATTENTION
Task: {EF9EFD68-AEB1-4DA7-AEA5-6440B66E9CAE} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-02 04:41 - 2011-05-02 04:41 - 00024064 _____ () C:\Windows\System32\ssm1mlm.dll
2013-02-24 12:32 - 1998-02-05 20:16 - 00018432 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\jDocPrc.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-30 15:59 - 2016-03-30 15:59 - 00159744 _____ () C:\ProgramData\Cuvlofnihu\1.0.1.0\jruiende.exe
2013-02-24 12:32 - 1998-02-05 20:16 - 00024576 _____ () C:\Windows\System32\NILaunch.exe
2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
2013-02-19 01:46 - 2013-02-19 01:46 - 00011362 _____ () C:\Program Files\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00043008 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 02537472 _____ () C:\Program Files\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 09814016 _____ () C:\Program Files\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 20:22 - 2013-06-04 20:22 - 00481280 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 01553920 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 01140224 _____ () C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00399360 _____ () C:\Program Files\NETGEAR Genie\bin\QtXml4.dll
2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 01:21 - 2013-05-28 01:21 - 04334592 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00088064 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00287232 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 21:58 - 2013-03-26 21:58 - 00074752 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00116224 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-04-07 06:42 - 2013-04-07 06:42 - 00123136 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:238AA907 [207]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2016-04-05 13:58 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7E96922B-ED0D-45C2-A69D-6DAE0D3F83A6}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4BCB8953-4793-4725-922C-8D11A04613E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4290A0C9-6654-4581-800A-B8666A4BD0D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BEBA92F4-E5F7-48D6-B9F8-B2F87DE9B5CB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{0EA1418D-D247-4A5A-88B2-91231F93D2B1}C:\program files\yoics inc\remote cameras\remote cameras .exe] => (Allow) C:\program files\yoics inc\remote cameras\remote cameras .exe
FirewallRules: [UDP Query User{AAFEE986-86AD-4B73-93EA-C704C96C7C21}C:\program files\yoics inc\remote cameras\remote cameras .exe] => (Allow) C:\program files\yoics inc\remote cameras\remote cameras .exe
FirewallRules: [{FF6AA96A-043F-4BA2-AAAC-401A3651D181}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E925BAA6-A1F1-4B76-A165-72430EA02025}] => (Allow) C:\Windows\Microsoft.NET\Fra

Corrine

Hi, jaycharles.

The end of the Addition.txt got cut off due to the forum software character limitations. Please locate the "FirewallRules" section toward the bottom of the log and copy/paste the text below the following line:

FirewallRules: [{FF6AA96A-043F-4BA2-AAAC-401A3651D181}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

Thank you!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jaycharles

Thank you for your time.

FirewallRules: [{FF6AA96A-043F-4BA2-AAAC-401A3651D181}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E925BAA6-A1F1-4B76-A165-72430EA02025}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5C063ECE-58E8-4A34-936E-388038597079}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C367D844-FE8E-4EC8-BB53-468117A89DC1}] => (Allow) LPort=2869
FirewallRules: [{815AE1C0-DA45-4A2A-B9F6-AB3167960C4F}] => (Allow) LPort=1900
FirewallRules: [{3C774B37-EAE2-4BD4-B3B7-D4904EBDB4B1}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{9EDC9569-D8CD-45C2-BAD3-A055A8FD6B10}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{73D835C4-DF6C-43F2-AC24-E79BEC7FB0D7}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{5A7E86A9-8CBD-4B47-9D2E-A471CBB460EE}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{4CDA3037-859C-47C5-B0BE-A29E11BBECB4}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [{4B3C7602-B089-4882-AAEE-DEE515F3B85A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{5FED333B-518F-49D6-9045-907A531A5EDF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{C87F7CAA-E07B-4DD3-AF7F-EFC29C41AA6A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4F2E42E7-02D5-4DCA-87DF-09A609B20ACE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{2B681171-4B8E-4A86-AC5C-DBDD5330FC03}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2704DA98-8D9D-4BA1-B8BA-EE81C7B25D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{20324FFF-657E-48E8-8EC3-BB50EA87A234}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{45CCA6DE-6117-405A-87FC-60DCEAF74682}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C5673C67-2983-463F-BCC8-487748C852B8}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{C9794BC6-C49A-4DC7-BF54-D6D8E5F720A0}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2536756E-D80C-40BB-A9D4-9A06025A9BCF}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{096AE9B6-4033-4892-9704-7473CDCC9A72}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1E492DF4-848E-44C4-BDA7-254D693C9318}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{39920E82-26C0-45AD-9986-E2A3CF183337}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

30-03-2014 11:24:35 Windows Update
17-01-2015 22:18:40 Scheduled Checkpoint
29-01-2015 23:34:21 Scheduled Checkpoint
11-03-2015 06:15:12 Scheduled Checkpoint
06-01-2016 23:45:38 Scheduled Checkpoint
18-01-2016 00:27:10 Scheduled Checkpoint
16-02-2016 17:44:35 Scheduled Checkpoint
30-03-2016 16:12:07 Windows Update
30-03-2016 16:23:03 Windows Update
30-03-2016 19:21:18 Installed Adblock Plus for IE (32-bit)
30-03-2016 20:34:07 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.65.1.1000
30-03-2016 20:47:30 Installed TurboTax 2015 wrapper
01-04-2016 16:13:02 Installed TurboTax 2015 winiper
03-04-2016 10:21:48 Installed Macrium Reflect Free Edition
03-04-2016 10:37:13 Installed Macrium Reflect Free Edition
03-04-2016 10:48:31 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
03-04-2016 10:50:12 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
03-04-2016 10:53:19 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
03-04-2016 11:24:27 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MpKsl8f071480
Description: MpKsl8f071480
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl8f071480
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2016 02:03:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Exception code: 0x40000015
Fault offset: 0x0007adce
Faulting process id: 0xd7c
Faulting application start time: 0xEvtEng.exe0
Faulting application path: EvtEng.exe1
Faulting module path: EvtEng.exe2
Report Id: EvtEng.exe3

Error: (04/05/2016 02:03:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2016 02:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc89a
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x5e4
Faulting application start time: 0xWLANExt.exe0
Faulting application path: WLANExt.exe1
Faulting module path: WLANExt.exe2
Report Id: WLANExt.exe3

Error: (04/05/2016 02:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 160.1.168.192.in-addr.arpa. PTR user-PC.local.

Error: (04/05/2016 02:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.160:5353   17 160.1.168.192.in-addr.arpa. PTR user-PC-2.local.

Error: (04/05/2016 01:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab8042e
Exception code: 0x40000015
Fault offset: 0x0007adce
Faulting process id: 0xdd8
Faulting application start time: 0xEvtEng.exe0
Faulting application path: EvtEng.exe1
Faulting module path: EvtEng.exe2
Report Id: EvtEng.exe3

Error: (04/05/2016 01:56:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2016 01:56:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 160.1.168.192.in-addr.arpa. PTR user-PC.local.

Error: (04/05/2016 01:56:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.160:5353   17 160.1.168.192.in-addr.arpa. PTR user-PC-2.local.

Error: (04/05/2016 01:56:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc89a
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x5dc
Faulting application start time: 0xWLANExt.exe0
Faulting application path: WLANExt.exe1
Faulting module path: WLANExt.exe2
Report Id: WLANExt.exe3


System errors:
=============
Error: (04/05/2016 02:04:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/05/2016 02:04:04 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.160192.168.137.0255.255.255.0

Error: (04/05/2016 02:04:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/05/2016 02:03:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Websteroids service failed to start due to the following error:
%%2

Error: (04/05/2016 02:03:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (04/05/2016 02:02:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (04/05/2016 02:02:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (04/05/2016 02:02:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (04/05/2016 01:57:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/05/2016 01:56:49 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.160192.168.137.0255.255.255.0


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 3032.96 MB
Available physical RAM: 855.68 MB
Total Virtual: 6064.2 MB
Available Virtual: 3715.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:260.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F6DBA3B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Corrine

We'll start with the cleanup and then there are some updates that are needed.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs:  c:\progra~1\optimi~1\optpro~1.dll => No File
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll => No File
Toolbar: HKU\S-1-5-21-2978064037-3219182367-2095597647-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
S1 MpKsl8f071480; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F2EF6BA-A074-490E-AD91-38BD78340DB5}\MpKsl8f071480.sys [X]
C:\ProgramData\Cuvlofnihu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
C:\Program Files\SearchProtect
Task: {E4BA001F-843E-4040-B3A8-389B64B5419D} - System32\Tasks\Cuvlofnihu => C:\ProgramData\Cuvlofnihu\1.0.1.0\jruiende.exe [2016-03-30] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:238AA907 [207]
C:\ProgramData\TEMP:238AA907 [207]
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

The two programs listed below are adware.  It may be that the adware components have been removed since I see AdwCleaner was run.  However, if you would like to uninstall them, as I would advise, and are unable to do so let me know and I will include them in the next set of instructions.

Video Converter (Version: 1 - SweetPacks) Hidden <==== ATTENTION
Websteroids (Version: 2.6.71 - Creative Island Media, LLC) Hidden <==== ATTENTION



jaycharles

I cannot see/uninstall Video Converter or Websteroids via Control Panel/Uninstall & would appreciate you adding code to do so.

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by user (2016-04-06 05:44:46) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Bryan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs:  c:\progra~1\optimi~1\optpro~1.dll => No File
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll => No File
Toolbar: HKU\S-1-5-21-2978064037-3219182367-2095597647-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
S1 MpKsl8f071480; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F2EF6BA-A074-490E-AD91-38BD78340DB5}\MpKsl8f071480.sys [X]
C:\ProgramData\Cuvlofnihu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
C:\Program Files\SearchProtect
Task: {E4BA001F-843E-4040-B3A8-389B64B5419D} - System32\Tasks\Cuvlofnihu => C:\ProgramData\Cuvlofnihu\1.0.1.0\jruiende.exe [2016-03-30] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:238AA907 [207]
C:\ProgramData\TEMP:238AA907 [207]
EmptyTemp:
end


*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data removed successfully..
" c:\progra~1\optimi~1\optpro~1.dll" => Value data removed successfully..
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully.
"HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully.
HKU\S-1-5-21-2978064037-3219182367-2095597647-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
"HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => key removed successfully.
MpKsl8f071480 => service removed successfully.
C:\ProgramData\Cuvlofnihu => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => moved successfully
C:\Program Files\SearchProtect => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E4BA001F-843E-4040-B3A8-389B64B5419D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4BA001F-843E-4040-B3A8-389B64B5419D}" => key removed successfully.
C:\Windows\System32\Tasks\Cuvlofnihu => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cuvlofnihu" => key removed successfully.
C:\ProgramData\TEMP => ":238AA907" ADS removed successfully..
"C:\ProgramData\TEMP:238AA907 [207]" => not found.
EmptyTemp: => 157.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 05:45:34 ====

Corrine

This should remove the hidden attribute so you can uninstall.  If not, please let me know and I'll take a look at fresh FRST logs.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
Video Converter (Version: 1 - SweetPacks) Hidden <==== ATTENTION
Websteroids (Version: 2.6.71 - Creative Island Media, LLC) Hidden <==== ATTENTION
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

Updates needed:

1.  Even though Firefox is your son's default browser, IE still needs to be updated to IE11.  First see Prerequisite updates for Internet Explorer 11.  IE11 can be downloaded from here:  Download Internet Explorer 11 for Windows 7 from Official Microsoft Download Center.

2.  Flash Player:  Particularly with Firefox being his default browser, it is all the more important for Flash Player to be kept up to date.  First, install the "current" latest update from this direct download link for the Non-IE Plugin (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_plugin.exe.  Second, since Flash Player was so out of date for Firefox, I suggest changing the update settings.  The instructions to do so are, surprise, under "Changing the update settings" on Introducing Adobe Flash Player Background Updater for Windows | Adobe Developer Connection.

Note:  Adobe issued a Security Advisory for a critical vulnerability being actively exploited on systems running Windows 7 and hopes to issue an update tomorrow (April 7) so be prepared to update Flash Player again.

3.  Although Silverlight isn't used often (and there will be a prompt to install if needed), if it will stay on the computer, it needs to be updated.  So, either uninstall it or update to the latest version from here:  Get Silverlight | Microsoft Silverlight.

Finally:  How is the computer now?



jaycharles

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by user (2016-04-06 12:08:54) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Bryan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Video Converter (Version: 1 - SweetPacks) Hidden <==== ATTENTION
Websteroids (Version: 2.6.71 - Creative Island Media, LLC) Hidden <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter\\SystemComponent => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids\\SystemComponent => value removed successfully.
EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:09:23 ====

MSFT's Ctl Pgm uninstalled Video Converter.  It did not find Websteroids, saying it must have been uninstalled earlier.  I deleted the name from the list of pgms.

The computer is running LIKE A FINE SWISS WATCH!  No problems have surfaced.  I performed the updates you suggested.
I thank you very much for all your time and effort in assisting me.  THANK YOU!!!
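
The fixlog above shows why the two programs never appeared in Control Panel: each had a SystemComponent value under its Uninstall key, and removing that value made the entry visible again. As an added example (not part of the original thread and not FRST's own code), this read-only PowerShell lists other entries hidden the same way; the first registry path comes from the log, while the two extra roots and the output columns are assumptions.

```powershell
# Read-only audit (added example): list installed-program entries that carry
# SystemComponent=1, the value that hides an entry from Programs and Features.
# Nothing is modified or deleted. Written to run on Windows PowerShell 2.0+.

$roots = @(
    # Path taken from the fixlog above
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Assumed additional locations: 32-bit programs on 64-bit Windows, per-user installs
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$hidden = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }

        # Skip keys without the value, or with it set to anything other than 1
        $flag = $p.PSObject.Properties['SystemComponent']
        if ($null -eq $flag -or $flag.Value -ne 1) { continue }

        # Fall back to the key name when the entry has no DisplayName
        $name = $p.DisplayName
        if (-not $name) { $name = $key.PSChildName }

        New-Object PSObject -Property @{
            Name            = $name
            Publisher       = $p.Publisher        # self-declared text, not a verified signer
            Version         = $p.DisplayVersion
            UninstallString = $p.UninstallString  # the vendor's own uninstaller, if any
            RegistryKey     = $key.Name
        }
    }
}

if ($hidden) {
    # Many legitimate Windows and driver components also set this value,
    # so the output is a list to review, not a list of things to remove.
    $hidden | Sort-Object Publisher, Name |
        Format-Table Name, Publisher, Version, UninstallString, RegistryKey -AutoSize -Wrap
} else {
    Write-Output 'No entries with SystemComponent=1 were found.'
}
```

Entries whose publisher is blank or unfamiliar are the ones worth comparing against a scan log before deciding on removal.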

Corrine

Quote from: jaycharles
The computer is running LIKE A FINE SWISS WATCH!

Just what I wanted to see!  I'm so glad I was able to help.  Take a look at this after that last run of FRST:  EmptyTemp: => 1.5 GB temporary data Removed..  In comparison, 157.3 MB was removed the first run.

Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run

The program will run for a few moments and then notepad will open with a log.



jaycharles

Delfix executed, AOK.

# DelFix v1.012 - Logfile created 06/04/2016 at 12:47:36
# Updated 04/03/2015 by Xplode
# Username : user - USER-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\user\Desktop\Addition.txt
Deleted : C:\Users\user\Desktop\Fixlog.txt
Deleted : C:\Users\user\Desktop\FRST.exe
Deleted : C:\Users\user\Desktop\FRST.txt
Deleted : C:\Users\user\Desktop\RGSA.exe
Deleted : C:\Users\user\Desktop\SALog.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #136 [Scheduled Checkpoint | 03/11/2015 11:15:12]
Deleted : RP #137 [Scheduled Checkpoint | 01/07/2016 04:45:38]
Deleted : RP #138 [Scheduled Checkpoint | 01/18/2016 05:27:10]
Deleted : RP #139 [Scheduled Checkpoint | 02/16/2016 22:44:35]
Deleted : RP #140 [Windows Update | 03/30/2016 21:12:07]
Deleted : RP #141 [Windows Update | 03/30/2016 21:23:03]
Deleted : RP #142 [Installed Adblock Plus for IE (32-bit) | 03/31/2016 00:21:18]
Deleted : RP #144 [Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.65.1.1000 | 03/31/2016 01:34:07]
Deleted : RP #145 [Installed TurboTax 2015 wrapper | 03/31/2016 01:47:30]
Deleted : RP #146 [Installed TurboTax 2015 winiper | 04/01/2016 21:13:02]
Deleted : RP #147 [Installed Macrium Reflect Free Edition | 04/03/2016 15:21:48]
Deleted : RP #148 [Installed Macrium Reflect Free Edition | 04/03/2016 15:37:13]
Deleted : RP #150 [Cleaner (Spybot - Search & Destroy 2.4, administrator privileges | 04/03/2016 15:48:31]
Deleted : RP #152 [Cleaner (Spybot - Search & Destroy 2.4, administrator privileges | 04/03/2016 15:50:12]
Deleted : RP #154 [Cleaner (Spybot - Search & Destroy 2.4, administrator privileges | 04/03/2016 15:53:19]
Deleted : RP #156 [Cleaner (Spybot - Search & Destroy 2.4, administrator privileges | 04/03/2016 16:24:27]
Deleted : RP #158 [Restore Point Created by FRST | 04/06/2016 10:44:51]
Deleted : RP #159 [Windows Modules Installer | 04/06/2016 16:47:26]
Deleted : RP #161 [Restore Point Created by FRST | 04/06/2016 17:08:59]

New restore point created !

########## - EOF - ##########

Corrine

Excellent.  Now you just need to teach your son to keep the computer updated and to be careful about the programs he downloads.  :)

