That Nasty AdChoice


  • This topic is locked
24 replies to this topic

#1 pjnewberry

pjnewberry

  • Members
  • 23 posts

Posted 22 August 2014 - 04:25 PM

I am a victim of downloading without paying close attention and have been hit with AdChoice. I've tried using Malwarebytes and AdwCleaner and thought it was gone, but it was not. Please help. It's in all my browsers. I have Windows 8.1.

Thanks,

Pam


Edited by pjnewberry, 22 August 2014 - 04:25 PM.




#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 23 August 2014 - 03:03 PM

Hello Pam, and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#3 pjnewberry

pjnewberry
  • Topic Starter

  • Members
  • 23 posts

Posted 25 August 2014 - 12:28 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Pamela (administrator) on TOSHIBA on 25-08-2014 13:03:34
Running from C:\Users\Pamela\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
() C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3009154357-2946078869-2494234241-1001\...\Run: [Google Update] => "C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office 97\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EF8352071B2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: FireFTP - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-08-05]
FF Extension: Web Developer - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-08-06]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Entanglement Web App) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-07-20]
CHR Extension: (Facebook Full size Profile Pictures) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcgdkfpobnjbhhmmelbojdakpehniof [2014-08-19]
CHR Extension: (Angry Birds) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-07-20]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-20]
CHR Extension: (Google Docs) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20]
CHR Extension: (Web Developer) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-07-20]
CHR Extension: (WOT) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Cast) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Google Calendar) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-20]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-08-21]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-07-20]
CHR Extension: (Tape) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfleijdbicilompnnombcbkcgidbefb [2014-07-20]
CHR Extension: (Poppit!) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-07-20]
CHR Extension: (Ghostery) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (__MSG_extBrowserActionName__) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelggcmknbjmhkpgjfhakedcfnkgbdpg [2014-07-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [128000 2014-08-05] (Mozilla Foundation) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-31] (Microsoft Corporation)
R2 w3svc; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-31] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 13:04 - 2014-08-25 13:04 - 05185536 _____ (AVAST Software) C:\Users\Pamela\Downloads\aswmbr.exe
2014-08-25 13:03 - 2014-08-25 13:03 - 00019697 _____ () C:\Users\Pamela\Downloads\FRST.txt
2014-08-25 13:02 - 2014-08-25 13:02 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64 (1).exe
2014-08-25 13:01 - 2014-08-25 13:03 - 00000000 ____D () C:\FRST
2014-08-25 13:00 - 2014-08-25 13:00 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64.exe
2014-08-25 10:45 - 2014-08-25 13:00 - 00000024 ____H () C:\Users\Pamela\Documents\Database.kdb.lock
2014-08-24 14:48 - 2014-08-25 12:02 - 00000000 ____D () C:\Users\Pamela\Documents\2013_Taxes
2014-08-21 17:41 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files\runphp
2014-08-21 17:40 - 2014-08-21 17:40 - 00000000 ____D () C:\Users\Pamela\Downloads\runphp
2014-08-21 17:37 - 2014-08-21 17:38 - 00000000 ____D () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1)
2014-08-21 17:37 - 2014-08-21 17:37 - 00000621 _____ () C:\Users\Pamela\Downloads\runphp.zip
2014-08-21 17:36 - 2014-08-21 17:37 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1).zip
2014-08-21 16:13 - 2014-08-21 16:13 - 00000000 ____D () C:\Users\Pamela\Downloads\creative-company
2014-08-21 16:05 - 2014-08-21 16:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pamela\Downloads\SpyHunter-Installer.exe
2014-08-20 18:34 - 2014-08-21 17:09 - 00000000 ____D () C:\AdwCleaner
2014-08-20 18:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-20 18:33 - 2014-08-20 18:33 - 01364531 _____ () C:\Users\Pamela\Downloads\adwcleaner_3.308.exe
2014-08-19 13:33 - 2014-08-19 13:33 - 00252565 _____ () C:\Users\Pamela\Downloads\iOS reader applications.zip
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\Users\Pamela\Downloads\tools_v6.0.9
2014-08-19 13:22 - 2014-08-19 13:22 - 01816358 _____ () C:\Users\Pamela\Downloads\tools_v6.0.9.zip
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin
2014-08-19 13:05 - 2014-08-19 13:05 - 00049357 _____ () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin.zip
2014-08-19 12:56 - 2014-08-19 13:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-19 12:56 - 2014-08-19 13:02 - 00000000 ____D () C:\ProgramData\625c78502d08bdca
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator
2014-08-19 12:45 - 2014-08-19 13:10 - 00000000 ____D () C:\Users\Pamela\AppData\Local\calibre-cache
2014-08-19 12:44 - 2014-08-19 13:34 - 00000000 ____D () C:\Users\Pamela\Documents\Calibre Library
2014-08-19 12:44 - 2014-08-19 13:28 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\calibre
2014-08-19 12:44 - 2014-08-19 12:44 - 00000943 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-08-19 12:42 - 2014-08-19 12:43 - 56419840 _____ () C:\Users\Pamela\Downloads\calibre-1.48.0.msi
2014-08-19 12:40 - 2014-08-19 13:11 - 00000000 ____D () C:\Users\Pamela\Documents\My Kindle Content
2014-08-19 12:40 - 2014-08-19 12:40 - 38157960 _____ (Amazon.com) C:\Users\Pamela\Downloads\KindleForPC-installer.exe
2014-08-19 12:40 - 2014-08-19 12:40 - 00002301 _____ () C:\Users\Pamela\Desktop\Kindle.lnk
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Amazon
2014-08-18 19:01 - 2014-08-25 12:06 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job
2014-08-18 19:01 - 2014-08-24 19:06 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job
2014-08-18 19:01 - 2014-08-18 19:01 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\GoogleVoiceAndVideoSetup (1).exe
2014-08-18 19:01 - 2014-08-18 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA
2014-08-18 19:01 - 2014-08-18 19:01 - 00003496 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core
2014-08-16 13:02 - 2014-08-16 13:02 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-16 12:59 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-16 12:00 - 2014-08-21 16:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 12:00 - 2014-08-16 12:01 - 00869456 _____ () C:\Users\Pamela\Downloads\Norton_Removal_Tool.exe
2014-08-16 12:00 - 2014-08-16 12:00 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 12:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 12:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-16 11:59 - 2014-08-16 11:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pamela\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-16 10:28 - 2014-08-18 18:23 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 10:28 - 2014-08-16 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 10:12 - 2014-08-16 10:12 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\ChromeSetup.exe
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Macromedia
2014-08-15 05:08 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 05:08 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 05:08 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 05:08 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 05:08 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 05:08 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 05:08 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 05:08 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 05:08 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 05:08 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 05:08 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 05:08 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 05:08 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 05:08 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 05:08 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 05:08 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 05:08 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 05:08 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 05:08 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 05:08 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 05:08 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 05:08 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 05:08 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 05:08 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 05:08 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 05:08 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 05:08 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 05:08 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 05:08 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 05:08 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 05:08 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 05:08 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 05:08 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 05:08 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 05:08 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 05:08 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 05:08 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 05:08 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-15 05:08 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 05:08 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-15 05:08 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-15 05:07 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:07 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:07 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-15 05:05 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-15 05:05 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-15 05:05 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-15 05:05 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-15 05:05 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-15 05:05 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-15 05:05 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-15 05:04 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 05:04 - 2014-08-06 18:39 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 05:04 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 05:04 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-15 05:04 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-15 05:04 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-15 05:04 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-15 05:04 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 05:04 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 05:04 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 05:04 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 05:04 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 05:04 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 05:04 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 05:04 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-15 05:04 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-15 05:04 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-15 05:04 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-15 05:04 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-15 05:04 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-15 05:04 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-15 05:04 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-15 05:04 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-15 05:04 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-15 05:04 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-15 05:04 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-15 05:04 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-15 05:04 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-15 05:04 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-15 05:04 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 05:04 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-15 05:04 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-15 05:04 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 05:04 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-15 05:04 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-15 05:04 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-15 05:04 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-15 05:04 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-15 05:04 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-15 05:04 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-15 05:04 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-15 05:04 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-15 05:04 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-15 05:04 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-15 05:04 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-15 05:04 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-15 05:04 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-15 05:04 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-15 05:04 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-15 05:04 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-15 05:04 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-15 05:04 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-15 05:04 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-15 05:04 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-15 05:04 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-15 05:04 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-15 05:04 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-15 05:04 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-15 05:04 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-15 05:04 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-15 05:04 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-15 05:04 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-15 05:04 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-15 05:04 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-15 05:04 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-13 18:26 - 2014-08-16 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
2014-08-13 18:26 - 2014-08-16 11:25 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-08-13 18:26 - 2014-08-13 18:26 - 05999792 _____ (Scooter Software ) C:\Users\Pamela\Downloads\BCompare-3.3.12.18414.exe
2014-08-13 18:26 - 2014-08-13 18:26 - 00000970 _____ () C:\Users\Public\Desktop\Beyond Compare 3.lnk
2014-08-13 18:26 - 2014-08-13 18:26 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Scooter Software
2014-08-13 15:42 - 2014-08-13 15:42 - 00218511 _____ () C:\Users\Pamela\Downloads\Tahoma.ttf
2014-08-13 15:38 - 2014-08-13 15:38 - 00035262 _____ () C:\Windows\Pamela.acl
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-11 09:44 - 2014-08-11 09:44 - 00001799 _____ () C:\Users\Pamela\Downloads\NightCircus9780385534642.acsm
2014-08-07 15:36 - 2014-08-07 15:36 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 15:36 - 2014-08-07 15:36 - 00001077 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 11:33 - 2014-08-07 11:33 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-strongly-typed
2014-08-07 11:27 - 2014-08-07 11:27 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-striped
2014-08-06 20:15 - 2014-08-06 20:15 - 00492367 _____ () C:\Users\Pamela\Downloads\html5up-striped.zip
2014-08-06 20:14 - 2014-08-06 20:14 - 00603815 _____ () C:\Users\Pamela\Downloads\html5up-strongly-typed.zip
2014-08-06 20:11 - 2014-08-06 20:11 - 00651375 _____ () C:\Users\Pamela\Downloads\zCumbeton.rar
2014-08-06 19:47 - 2014-08-06 19:47 - 00848491 _____ () C:\Users\Pamela\Downloads\point02.zip
2014-08-06 19:46 - 2014-08-06 19:46 - 01995836 _____ () C:\Users\Pamela\Downloads\caprice.zip
2014-08-06 19:30 - 2014-08-06 19:30 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86.zip
2014-08-06 19:11 - 2014-08-06 19:11 - 00000000 ____D () C:\Users\Pamela\Downloads\moderna_bt
2014-08-06 17:22 - 2014-08-06 17:22 - 01616261 _____ () C:\Users\Pamela\Downloads\moderna_bt.zip
2014-08-05 14:26 - 2014-08-05 14:29 - 00000000 ____D () C:\Program Files\Nightly
2014-08-05 14:25 - 2014-08-05 14:25 - 39713178 _____ () C:\Users\Pamela\Downloads\firefox-34.0a1.en-US.win64-x86_64.installer.exe
2014-08-05 13:58 - 2014-08-05 14:13 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 13:54 - 2014-08-05 14:13 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Mozilla
2014-08-05 13:53 - 2014-08-05 13:53 - 32239888 _____ () C:\Users\Pamela\Downloads\Firefox Setup 31.0.exe
2014-08-05 13:35 - 2014-08-05 13:35 - 00244120 _____ () C:\Users\Pamela\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 14:53 - 2014-08-04 14:53 - 00000000 ____D () C:\Users\Pamela\Documents\creative-company
2014-08-04 14:51 - 2014-08-04 14:53 - 00580883 _____ () C:\Users\Pamela\Downloads\creative-company.zip
2014-08-04 14:29 - 2014-08-04 14:29 - 00000000 ____D () C:\Users\Pamela\Documents\captivate
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 14:23 - 2014-08-04 14:23 - 01376768 _____ () C:\Users\Pamela\Downloads\7z920-x64.msi
2014-08-04 14:20 - 2014-08-04 14:20 - 00228839 _____ () C:\Users\Pamela\Downloads\captivate.7z
2014-08-02 19:00 - 2014-08-02 19:00 - 00001777 _____ () C:\Users\Pamela\Downloads\GoldfinchANovel9780316248679.acsm
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Sun
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 15:20 - 2014-08-01 15:20 - 00918952 _____ (Oracle Corporation) C:\Users\Pamela\Downloads\chromeinstall-7u65.exe
2014-08-01 15:19 - 2014-08-01 15:19 - 00001784 _____ () C:\Users\Pamela\Downloads\Printer-Jumpstart.jnlp
2014-07-31 18:31 - 2014-07-31 18:31 - 00025667 _____ () C:\Users\Pamela\Downloads\NCS_Clients.xlsx
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\My Web Sites
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\IISExpress
2014-07-31 16:56 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-07-31 16:56 - 2014-08-11 18:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft Corporation
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-07-31 16:55 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb.exe
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb (1).exe
2014-07-31 16:45 - 2014-07-31 16:45 - 01017600 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\vns_full.exe
2014-07-31 16:42 - 2014-07-31 16:42 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack (1).exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-07-31 16:15 - 2014-07-31 16:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-31 16:14 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-31 16:14 - 2014-07-31 16:14 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2014-07-31 16:14 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:14 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:14 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2014-07-31 16:14 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:14 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:13 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-07-31 16:13 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\.NET v2.0
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:13 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Local\Google
2014-07-31 16:13 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Local\Google
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:12 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-07-31 16:12 - 2014-07-31 16:12 - 00974976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-31 16:12 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:12 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:12 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Local\Google
2014-07-31 16:12 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:12 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:12 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:11 - 2014-07-31 16:14 - 00052174 _____ () C:\Windows\iis.log
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\inetpub
2014-07-30 18:59 - 2014-08-05 10:19 - 00000000 ____D () C:\Users\Pamela\AppData\Local\CrashDumps
2014-07-30 12:51 - 2014-07-30 13:27 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\TeamViewer
2014-07-30 12:50 - 2014-07-30 12:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-30 12:49 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en (1).exe
2014-07-30 12:48 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en.exe
2014-07-29 14:38 - 2014-07-29 14:38 - 00131584 _____ () C:\Windows\SysWOW64\vsflex8d.oca
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 13:04 - 2014-08-25 13:04 - 05185536 _____ (AVAST Software) C:\Users\Pamela\Downloads\aswmbr.exe
2014-08-25 13:03 - 2014-08-25 13:03 - 00019697 _____ () C:\Users\Pamela\Downloads\FRST.txt
2014-08-25 13:03 - 2014-08-25 13:01 - 00000000 ____D () C:\FRST
2014-08-25 13:03 - 2014-07-20 18:28 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3114B720-DA75-4FC5-BE52-C11EC9F56BF1}
2014-08-25 13:02 - 2014-08-25 13:02 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64 (1).exe
2014-08-25 13:00 - 2014-08-25 13:00 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64.exe
2014-08-25 13:00 - 2014-08-25 10:45 - 00000024 ____H () C:\Users\Pamela\Documents\Database.kdb.lock
2014-08-25 13:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-25 12:58 - 2014-07-21 15:59 - 00000000 ____D () C:\Users\Pamela\Documents\2012_Taxes
2014-08-25 12:23 - 2014-05-21 03:47 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 12:06 - 2014-08-18 19:01 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job
2014-08-25 12:02 - 2014-08-24 14:48 - 00000000 ____D () C:\Users\Pamela\Documents\2013_Taxes
2014-08-25 11:33 - 2014-07-21 16:01 - 00000000 ____D () C:\Users\Pamela\Documents\Invoices_Spreadsheets
2014-08-25 10:15 - 2014-05-21 03:08 - 01494699 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 04:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-24 19:06 - 2014-08-18 19:01 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job
2014-08-24 18:23 - 2014-05-21 03:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 19:04 - 2014-07-23 17:57 - 00177660 _____ () C:\Users\Pamela\Documents\Database.kdb
2014-08-22 08:41 - 2014-07-20 18:27 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3009154357-2946078869-2494234241-1001
2014-08-21 19:50 - 2014-07-21 10:33 - 00000035 _____ () C:\Windows\vbaddin.ini
2014-08-21 17:41 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files\runphp
2014-08-21 17:41 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-08-21 17:40 - 2014-08-21 17:40 - 00000000 ____D () C:\Users\Pamela\Downloads\runphp
2014-08-21 17:38 - 2014-08-21 17:37 - 00000000 ____D () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1)
2014-08-21 17:37 - 2014-08-21 17:37 - 00000621 _____ () C:\Users\Pamela\Downloads\runphp.zip
2014-08-21 17:37 - 2014-08-21 17:36 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1).zip
2014-08-21 17:11 - 2014-07-20 18:24 - 00000000 ___DO () C:\Users\Pamela\OneDrive
2014-08-21 17:10 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 17:10 - 2013-08-22 10:44 - 00479904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 17:09 - 2014-08-20 18:34 - 00000000 ____D () C:\AdwCleaner
2014-08-21 17:09 - 2014-04-09 00:06 - 00176696 _____ () C:\Windows\PFRO.log
2014-08-21 17:09 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-21 17:08 - 2014-05-21 03:37 - 00409910 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-21 16:13 - 2014-08-21 16:13 - 00000000 ____D () C:\Users\Pamela\Downloads\creative-company
2014-08-21 16:06 - 2014-08-16 12:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 16:05 - 2014-08-21 16:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pamela\Downloads\SpyHunter-Installer.exe
2014-08-20 18:33 - 2014-08-20 18:33 - 01364531 _____ () C:\Users\Pamela\Downloads\adwcleaner_3.308.exe
2014-08-20 17:25 - 2014-07-20 18:25 - 00002173 _____ () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-20 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2014-08-19 13:34 - 2014-08-19 12:44 - 00000000 ____D () C:\Users\Pamela\Documents\Calibre Library
2014-08-19 13:33 - 2014-08-19 13:33 - 00252565 _____ () C:\Users\Pamela\Downloads\iOS reader applications.zip
2014-08-19 13:28 - 2014-08-19 12:44 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\calibre
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\Users\Pamela\Downloads\tools_v6.0.9
2014-08-19 13:22 - 2014-08-19 13:22 - 01816358 _____ () C:\Users\Pamela\Downloads\tools_v6.0.9.zip
2014-08-19 13:11 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\Documents\My Kindle Content
2014-08-19 13:10 - 2014-08-19 12:45 - 00000000 ____D () C:\Users\Pamela\AppData\Local\calibre-cache
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin
2014-08-19 13:05 - 2014-08-19 13:05 - 00049357 _____ () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin.zip
2014-08-19 13:02 - 2014-08-19 12:56 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-19 13:02 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\625c78502d08bdca
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator
2014-08-19 12:56 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Google
2014-08-19 12:56 - 2014-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-19 12:56 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-19 12:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-19 12:44 - 2014-08-19 12:44 - 00000943 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-08-19 12:43 - 2014-08-19 12:42 - 56419840 _____ () C:\Users\Pamela\Downloads\calibre-1.48.0.msi
2014-08-19 12:40 - 2014-08-19 12:40 - 38157960 _____ (Amazon.com) C:\Users\Pamela\Downloads\KindleForPC-installer.exe
2014-08-19 12:40 - 2014-08-19 12:40 - 00002301 _____ () C:\Users\Pamela\Desktop\Kindle.lnk
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Amazon
2014-08-18 19:01 - 2014-08-18 19:01 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\GoogleVoiceAndVideoSetup (1).exe
2014-08-18 19:01 - 2014-08-18 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA
2014-08-18 19:01 - 2014-08-18 19:01 - 00003496 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core
2014-08-18 19:01 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Mozilla
2014-08-18 18:23 - 2014-08-16 10:28 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 17:24 - 2014-07-21 14:50 - 00000000 ___RD () C:\Users\Pamela\Google Drive
2014-08-18 17:24 - 2014-05-21 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-16 13:02 - 2014-08-16 13:02 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-16 13:00 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-16 12:55 - 2014-05-21 03:51 - 00000000 ____D () C:\ProgramData\Norton
2014-08-16 12:54 - 2014-05-21 03:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-16 12:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-16 12:01 - 2014-08-16 12:00 - 00869456 _____ () C:\Users\Pamela\Downloads\Norton_Removal_Tool.exe
2014-08-16 12:00 - 2014-08-16 12:00 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 11:59 - 2014-08-16 11:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pamela\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-16 11:47 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-16 11:29 - 2014-07-20 18:20 - 00000000 ____D () C:\Users\Pamela
2014-08-16 11:27 - 2014-07-31 16:14 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-16 11:27 - 2014-07-31 16:13 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-08-16 11:27 - 2014-07-31 16:13 - 00000000 ____D () C:\Users\.NET v2.0
2014-08-16 11:27 - 2014-07-31 16:12 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-16 11:27 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2014-08-16 11:26 - 2014-05-21 03:51 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SystemResources
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Shared
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-16 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-16 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2014-08-16 11:25 - 2014-08-16 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 11:25 - 2014-08-13 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
2014-08-16 11:25 - 2014-08-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-08-16 11:25 - 2014-07-23 18:04 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\KeePass
2014-08-16 11:25 - 2014-07-20 19:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 11:25 - 2014-07-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-16 11:25 - 2014-07-20 18:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 97
2014-08-16 11:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
2014-08-16 11:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-16 11:15 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2014-08-16 11:08 - 2014-07-20 18:21 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Adobe
2014-08-16 10:22 - 2014-04-09 00:21 - 00949458 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 10:12 - 2014-08-16 10:12 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\ChromeSetup.exe
2014-08-15 15:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Macromedia
2014-08-15 14:06 - 2014-07-21 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 14:03 - 2014-07-21 15:34 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 05:04 - 2014-04-09 00:19 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-15 05:02 - 2014-07-21 14:48 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-15 05:01 - 2014-04-09 00:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 05:01 - 2014-04-09 00:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 05:01 - 2014-04-09 00:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 05:01 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 05:01 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 05:01 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 05:01 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 05:01 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 05:01 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 05:01 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 05:01 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 05:01 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 05:01 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 05:01 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 05:01 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 05:01 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 18:26 - 2014-08-13 18:26 - 05999792 _____ (Scooter Software ) C:\Users\Pamela\Downloads\BCompare-3.3.12.18414.exe
2014-08-13 18:26 - 2014-08-13 18:26 - 00000970 _____ () C:\Users\Public\Desktop\Beyond Compare 3.lnk
2014-08-13 18:26 - 2014-08-13 18:26 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Scooter Software
2014-08-13 15:42 - 2014-08-13 15:42 - 00218511 _____ () C:\Users\Pamela\Downloads\Tahoma.ttf
2014-08-13 15:38 - 2014-08-13 15:38 - 00035262 _____ () C:\Windows\Pamela.acl
2014-08-13 09:15 - 2014-07-21 14:03 - 00000000 ____D () C:\Program Files (x86)\HealthCalls
2014-08-12 14:40 - 2013-08-22 09:25 - 00000188 _____ () C:\Windows\win.ini
2014-08-11 18:28 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft WebMatrix
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-11 09:44 - 2014-08-11 09:44 - 00001799 _____ () C:\Users\Pamela\Downloads\NightCircus9780385534642.acsm
2014-08-07 15:36 - 2014-08-07 15:36 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 15:36 - 2014-08-07 15:36 - 00001077 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 11:33 - 2014-08-07 11:33 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-strongly-typed
2014-08-07 11:27 - 2014-08-07 11:27 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-striped
2014-08-06 22:12 - 2014-08-15 05:04 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-06 20:15 - 2014-08-06 20:15 - 00492367 _____ () C:\Users\Pamela\Downloads\html5up-striped.zip
2014-08-06 20:14 - 2014-08-06 20:14 - 00603815 _____ () C:\Users\Pamela\Downloads\html5up-strongly-typed.zip
2014-08-06 20:11 - 2014-08-06 20:11 - 00651375 _____ () C:\Users\Pamela\Downloads\zCumbeton.rar
2014-08-06 19:47 - 2014-08-06 19:47 - 00848491 _____ () C:\Users\Pamela\Downloads\point02.zip
2014-08-06 19:46 - 2014-08-06 19:46 - 01995836 _____ () C:\Users\Pamela\Downloads\caprice.zip
2014-08-06 19:30 - 2014-08-06 19:30 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86.zip
2014-08-06 19:11 - 2014-08-06 19:11 - 00000000 ____D () C:\Users\Pamela\Downloads\moderna_bt
2014-08-06 18:39 - 2014-08-15 05:04 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-06 17:22 - 2014-08-06 17:22 - 01616261 _____ () C:\Users\Pamela\Downloads\moderna_bt.zip
2014-08-05 14:29 - 2014-08-05 14:26 - 00000000 ____D () C:\Program Files\Nightly
2014-08-05 14:29 - 2014-07-20 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 14:25 - 2014-08-05 14:25 - 39713178 _____ () C:\Users\Pamela\Downloads\firefox-34.0a1.en-US.win64-x86_64.installer.exe
2014-08-05 14:14 - 2014-08-05 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 14:13 - 2014-08-05 13:58 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 14:13 - 2014-08-05 13:54 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Mozilla
2014-08-05 13:53 - 2014-08-05 13:53 - 32239888 _____ () C:\Users\Pamela\Downloads\Firefox Setup 31.0.exe
2014-08-05 13:35 - 2014-08-05 13:35 - 00244120 _____ () C:\Users\Pamela\Downloads\Firefox Setup Stub 31.0.exe
2014-08-05 10:19 - 2014-07-30 18:59 - 00000000 ____D () C:\Users\Pamela\AppData\Local\CrashDumps
2014-08-04 14:53 - 2014-08-04 14:53 - 00000000 ____D () C:\Users\Pamela\Documents\creative-company
2014-08-04 14:53 - 2014-08-04 14:51 - 00580883 _____ () C:\Users\Pamela\Downloads\creative-company.zip
2014-08-04 14:29 - 2014-08-04 14:29 - 00000000 ____D () C:\Users\Pamela\Documents\captivate
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 14:23 - 2014-08-04 14:23 - 01376768 _____ () C:\Users\Pamela\Downloads\7z920-x64.msi
2014-08-04 14:20 - 2014-08-04 14:20 - 00228839 _____ () C:\Users\Pamela\Downloads\captivate.7z
2014-08-04 13:15 - 2014-07-21 16:00 - 00000000 ____D () C:\Users\Pamela\Documents\AutoReports
2014-08-02 19:00 - 2014-08-02 19:00 - 00001777 _____ () C:\Users\Pamela\Downloads\GoldfinchANovel9780316248679.acsm
2014-08-01 23:56 - 2014-08-15 05:04 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-01 23:11 - 2014-08-15 05:04 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-01 20:17 - 2014-07-21 15:42 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:17 - 2014-07-21 15:42 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Sun
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 15:20 - 2014-08-01 15:20 - 00918952 _____ (Oracle Corporation) C:\Users\Pamela\Downloads\chromeinstall-7u65.exe
2014-08-01 15:19 - 2014-08-01 15:19 - 00001784 _____ () C:\Users\Pamela\Downloads\Printer-Jumpstart.jnlp
2014-07-31 18:31 - 2014-07-31 18:31 - 00025667 _____ () C:\Users\Pamela\Downloads\NCS_Clients.xlsx
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\My Web Sites
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\IISExpress
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft Corporation
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-07-31 16:56 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb.exe
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb (1).exe
2014-07-31 16:45 - 2014-07-31 16:45 - 01017600 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\vns_full.exe
2014-07-31 16:42 - 2014-07-31 16:42 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack (1).exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-07-31 16:21 - 2013-08-22 10:46 - 00016885 _____ () C:\Windows\setupact.log
2014-07-31 16:15 - 2014-07-31 16:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-31 16:14 - 2014-07-31 16:14 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2014-07-31 16:14 - 2014-07-31 16:11 - 00052174 _____ () C:\Windows\iis.log
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2014-07-31 16:12 - 2014-07-31 16:12 - 00974976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\inetpub
2014-07-31 16:10 - 2014-04-09 00:28 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-07-31 16:10 - 2014-04-09 00:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2014-07-31 16:10 - 2014-04-09 00:28 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2014-07-31 16:10 - 2013-08-22 07:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\aspperf.dll
2014-07-31 16:10 - 2013-08-21 23:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspperf.dll
2014-07-30 13:27 - 2014-07-30 12:51 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\TeamViewer
2014-07-30 12:50 - 2014-07-30 12:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-30 12:49 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en (1).exe
2014-07-30 12:49 - 2014-07-30 12:48 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en.exe
2014-07-29 14:38 - 2014-07-29 14:38 - 00131584 _____ () C:\Windows\SysWOW64\vsflex8d.oca
2014-07-29 14:38 - 2014-07-21 14:01 - 00069120 _____ () C:\Windows\SysWOW64\DBLIST32.oca
2014-07-29 14:38 - 2014-07-21 14:01 - 00048640 _____ () C:\Windows\SysWOW64\MSMASK32.oca
2014-07-29 14:38 - 2014-07-21 14:01 - 00043008 _____ () C:\Windows\SysWOW64\TABCTL32.oca
2014-07-28 19:33 - 2014-07-20 18:20 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Packages
2014-07-28 18:39 - 2014-07-21 13:25 - 00076288 _____ () C:\Windows\SysWOW64\MSFLXGRD.oca
2014-07-28 18:39 - 2014-07-21 13:25 - 00062464 _____ () C:\Windows\SysWOW64\DBGRID32.oca
 
Some content of TEMP:
====================
C:\Users\Pamela\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Pamela\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Pamela\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Pamela\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Pamela\AppData\Local\Temp\optprosetup.exe
C:\Users\Pamela\AppData\Local\Temp\ose00000.exe
C:\Users\Pamela\AppData\Local\Temp\Quarantine.exe
C:\Users\Pamela\AppData\Local\Temp\vs60wiz.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 02:34
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by Pamela at 2014-08-25 13:04:25
Running from C:\Users\Pamela\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Beyond Compare 3.3.12 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.12.18414 - Scooter Software)
calibre (HKLM-x32\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3920.05 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HlthCalls (HKLM-x32\...\ST6UNST #1) (Version:  - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KeePass Password Safe 1.27 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft WebMatrix 3 (HKLM-x32\...\{4C1CB8FA-89A5-476A-89B6-C69BDC668A9F}) (Version: 2.0.1932 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0a1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA Password Utility (Version: 6.0.3.0 - Toshiba Corporation) Hidden
Toshiba Quality Application (x32 Version: 1.0.9.4B2 - TOSHIBA) Hidden
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
 
==================== Restore Points  =========================
 
19-08-2014 16:43:43 Installed calibre
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CEC0127-DC5D-48FE-8613-E5CC606B641E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {17BADB45-EE00-484C-967F-CCEAC3E74C97} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21BAC06B-7F59-4169-B8D7-0E8B6069B1F4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2288088E-90B7-4C4F-AACA-E07FEB1EB2A0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C8A8ED-2628-4896-AE68-95AE78713CCE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {38005E53-10A8-47F3-85E8-13411D869249} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3840739C-82D3-46A9-BD4D-2AC0545DB8AC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {38A5169A-5575-403D-84E2-C023DBDF78BB} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {39214707-E975-45A6-8A84-1908A3BDCB3A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3FE58958-7CCE-42F8-9771-E7FA79650779} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {43335F32-97CC-4C4E-958B-4FAF6EA163CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5B29B90B-242C-4152-AC26-122DBD3D4D96} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-15] (Microsoft Corporation)
Task: {6118C4B9-C109-4B92-AAD4-7BEF0662215B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {63DD5B30-7081-46EC-98C1-1B6D82DE4DAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {85E7EE51-F3ED-48BC-937A-66C0D4AD14B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E651716-E211-4AFF-BB5E-6DF5456D51C7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe
Task: {9995C110-ED39-4871-AEC4-710F66CB9EFC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A093E72A-42BB-407D-B48A-055373D3C46B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {AD2DFB9B-6A2D-411D-AB65-8A9E4167F0F5} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {BB62FECE-8907-4E1E-A05C-29E2D4AD5462} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C53406FA-6B12-4F07-984E-6D263FDDF029} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E4547329-E45F-4AE2-A0AB-E6E1890EB524} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB82D48B-5948-4DB4-8E47-0C165D44F68B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 17:09 - 2014-03-21 17:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE
2012-09-19 02:07 - 2012-09-19 06:07 - 01579520 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMADGQ4Z.DLL
1997-07-11 00:00 - 1997-07-11 00:00 - 03782416 _____ () C:\Program Files (x86)\Microsoft Office 97\Office\MSO97.DLL
2014-05-21 03:10 - 2014-03-06 16:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2007-03-22 19:29 - 2007-03-22 19:29 - 00099160 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE11\AW.DLL
2014-08-16 10:28 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-07-20 18:42 - 2014-06-10 04:50 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-07-20 18:42 - 2014-06-10 04:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-07-20 18:42 - 2014-06-10 04:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-08-05 13:54 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Pamela\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/21/2014 05:40:23 PM) (Source: IIS Express) (EventID: 2276) (User: )
Description: The worker process failed to initialize correctly and therefore could not be started.  The data is the error.
 
Error: (08/21/2014 05:40:22 PM) (Source: IIS Express) (EventID: 2269) (User: )
Description: The worker process for app pool 'Clr4IntegratedAppPool', PID='5428', failed to initialize the http.sys communication when asked to start processing http requests and therefore will be considered ill by W3SVC and terminated.  The data field contains the error number.
 
Error: (08/20/2014 03:01:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15e8
 
Start Time: 01cfbca8cc2e5790
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 5c09f92e-289c-11e4-8276-c454446a59a1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/16/2014 00:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1168) SRUJet: Database recovery/restore failed with unexpected error -539.
 
Error: (08/16/2014 11:50:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1620
 
Start Time: 01cfb96959a7298a
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: deeaa489-255c-11e4-8274-c454446a59a1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/16/2014 11:37:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a2c
 
Start Time: 01cfb966ed041cbd
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e2bcd02b-255a-11e4-8274-c454446a59a1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/16/2014 11:03:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0x80000003
Fault offset: 0x004aa883
Faulting process id: 0xeb0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (08/16/2014 11:03:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0x80000003
Fault offset: 0x004aa883
Faulting process id: 0x1248
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (08/16/2014 11:02:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0x80000003
Fault offset: 0x004aa883
Faulting process id: 0x940
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (08/16/2014 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1148) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU001B1.log.
 
 
System errors:
=============
Error: (08/25/2014 02:34:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM
 
Error: (08/24/2014 02:41:59 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM
 
Error: (08/21/2014 05:12:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/21/2014 05:09:23 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/20/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/20/2014 05:26:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/16/2014 00:53:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/16/2014 11:50:55 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/16/2014 11:28:04 AM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.
 
Error: (08/16/2014 11:28:04 AM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.
 
 
Microsoft Office Sessions:
=========================
Error: (08/21/2014 05:40:23 PM) (Source: IIS Express) (EventID: 2276) (User: )
Description: 
 
Error: (08/21/2014 05:40:22 PM) (Source: IIS Express) (EventID: 2269) (User: )
Description: Clr4IntegratedAppPool5428
 
Error: (08/20/2014 03:01:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.14315e801cfbca8cc2e57904294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe5c09f92e-289c-11e4-8276-c454446a59a1
 
Error: (08/16/2014 00:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost1168SRUJet: -539
 
Error: (08/16/2014 11:50:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.143162001cfb96959a7298a60000C:\Program Files (x86)\Google\Chrome\Application\chrome.exedeeaa489-255c-11e4-8274-c454446a59a1
 
Error: (08/16/2014 11:37:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20573a2c01cfb966ed041cbd4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exee2bcd02b-255a-11e4-8274-c454446a59a1microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/16/2014 11:03:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8ad80000003004aa883eb001cfb963490ab892C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll871f0742-2556-11e4-8271-c454446a59a1
 
Error: (08/16/2014 11:03:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8ad80000003004aa883124801cfb9632cce34b8C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll6a83aae1-2556-11e4-8271-c454446a59a1
 
Error: (08/16/2014 11:02:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8ad80000003004aa88394001cfb96310e367c7C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll505cf6ac-2556-11e4-8271-c454446a59a1
 
Error: (08/16/2014 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1148SRUJet: C:\Windows\system32\SRU\SRU001B1.log-1811 (0xfffff8ed)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-22 03:14:46.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-21 03:50:16.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-16 13:24:07.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 30%
Total physical RAM: 8112.14 MB
Available physical RAM: 5651.62 MB
Total Pagefile: 9392.14 MB
Available Pagefile: 6839.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (TI10692200C) (Fixed) (Total:921.26 GB) (Free:879.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
When I started aswMBR there was a question about "Virtualization Technology" and I answered "Yes".
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-25 13:06:30
-----------------------------
13:06:30.979    OS Version: Windows x64 6.2.9200 
13:06:30.979    Number of processors: 4 586 0x4501
13:06:30.979    ComputerName: TOSHIBA  UserName: Pamela
13:06:32.266    Initialize success
13:06:32.335    VM: initialized successfully
13:06:32.357    VM: Intel CPU supported 
13:07:18.033    VM: disk I/O iaStorA.sys
13:08:24.481    AVAST engine defs: 14082500
13:09:34.802    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
13:09:34.804    Disk 0 Vendor: HGST_HTS541010A9E680 JA0OA700 Size: 953869MB BusType: 11
13:09:34.927    Disk 0 MBR read successfully
13:09:34.934    Disk 0 MBR scan
13:09:34.943    Disk 0 unknown MBR code
13:09:34.947    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
13:09:35.011    Disk 0 scanning C:\Windows\system32\drivers
13:09:49.409    Service scanning
13:10:38.310    Modules scanning
13:10:38.326    Disk 0 trace - called modules:
13:10:38.762    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
13:10:38.772    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00048d3f060]
13:10:38.785    3 CLASSPNP.SYS[fffff801f000227b] -> nt!IofCallDriver -> [0xffffe0004622c9f0]
13:10:38.796    5 ACPI.sys[fffff801efe8d7aa] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00046f50060]
13:10:39.975    AVAST engine scan C:\Windows
13:10:43.175    AVAST engine scan C:\Windows\system32
13:14:37.182    AVAST engine scan C:\Windows\system32\drivers
13:14:56.628    AVAST engine scan C:\Users\Pamela
13:19:16.163    File: C:\Users\Pamela\AppData\Local\Temp\LiveSupport_setup.exe  **INFECTED** Win32:Malware-gen
13:19:27.857    File: C:\Users\Pamela\AppData\Local\Temp\s4h8\temp\setupespl.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:19:30.643    File: C:\Users\Pamela\AppData\Local\Temp\s4h8\temp\setupnt.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:19:34.193    File: C:\Users\Pamela\AppData\Local\Temp\s6l0\temp\extIE_setup.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:19:39.158    File: C:\Users\Pamela\AppData\Local\Temp\s6l0\temp\setupbc.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:19:41.762    File: C:\Users\Pamela\AppData\Local\Temp\s6l0\temp\setupespl.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:19:44.473    File: C:\Users\Pamela\AppData\Local\Temp\s6l0\temp\setupnt.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:19:47.340    File: C:\Users\Pamela\AppData\Local\Temp\s6l0\temp\setupytb.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:22:03.553    AVAST engine scan C:\ProgramData
13:23:12.023    Scan finished successfully
13:27:05.894    Disk 0 MBR has been saved successfully to "C:\Users\Pamela\Desktop\MBR.dat"
13:27:05.905    The log file has been saved successfully to "C:\Users\Pamela\Desktop\aswMBR.txt"
 
Thanks so much for your help....Pam
 
 
 


#4 pjnewberry

pjnewberry
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 25 August 2014 - 05:25 PM

By the way, your general instructions said to "make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster." I can not find this option. I only see on the right the 3: Enable emoticons, Enable signature, and Follow this topic. But I don't see the Receive message. I really would like to have the immediate email notification that there is a response waiting so perhaps you can provide me with something that will help me find this option. Again, thanks I really do appreciate your help with this.

Pam



#5 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:50 AM

Posted 25 August 2014 - 07:34 PM

By the way, your general instructions said to "make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster." I can not find this option. I only see on the right the 3: Enable emoticons, Enable signature, and Follow this topic. But I don't see the Receive message. I really would like to have the immediate email notification that there is a response waiting so perhaps you can provide me with something that will help me find this option. Again, thanks I really do appreciate your help with this.
Pam


That's the one, Follow this topic. It will send you an email every time I respond to the topic. I need to tweak my instructions a bit. :) And you're quite welcome for the help, it's my pleasure. :thumbsup:

Let's get started fixing your machine.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Note: Before running these steps, please move FRST64.exe from C:\Users\Pamela\Downloads to your desktop or the fix will not work.

Step 1: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
CustomCLSID: HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Scan Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
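
The Fixlog.txt requested in Step 1 echoes the fixlist and then reports one outcome per action, so it can be checked mechanically before moving on. The script below is an added example, not part of the original post and not FRST's own code: it parses that layout, separates CMD output from per-item results, flags any action that did not report success, and detects a paste that was cut off before the end marker. The sample log is constructed, its `Could not move.` line is invented, and the success keywords are an assumption about the tool's wording.

```python
import re

# Constructed sample in the layout of an FRST Fixlog.txt. The "Could not move."
# line and its path are invented to show how a failed action is reported.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.4 GB temporary data.
C:\Example\placeholder.dll => Could not move.

The system needed a reboot.

==== End of Fixlog ====
'''

CMD_HEADER = re.compile(r"^=========\s+(.+?)\s+=========$")
CMD_END = "========= End of CMD: ========="
# Assumption: a successful action says "successfully" or starts with "Removed".
OK_OUTCOME = re.compile(r"successfully|^Removed\b", re.IGNORECASE)


def parse_fixlog(text):
    """Split a Fixlog into echoed directives, action results and CMD output."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    report = {"directives": [], "actions": [], "commands": [], "notes": [],
              "reboot_needed": False, "complete": False}

    # The fixlist is echoed between two rows made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found; is this a Fixlog?")
    echoed = [ln for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    report["directives"] = [ln for ln in echoed if ln not in ("Start", "End")]

    current_cmd = None
    for ln in lines[stars[1] + 1:]:
        if ln == CMD_END:
            if current_cmd is not None:
                report["commands"].append(current_cmd)
            current_cmd = None
        elif current_cmd is not None:
            # Inside a CMD section everything is command output, even "=>".
            if ln.strip():
                current_cmd["output"].append(ln.strip())
        elif (m := CMD_HEADER.match(ln)):
            current_cmd = {"command": m.group(1), "output": []}
        elif " => " in ln:
            target, _, outcome = ln.rpartition(" => ")
            report["actions"].append({"target": target.strip('"'),
                                      "outcome": outcome,
                                      "ok": bool(OK_OUTCOME.search(outcome))})
        elif ln.startswith("The system needed a reboot"):
            report["reboot_needed"] = True
        elif ln.startswith("==== End of Fixlog"):
            report["complete"] = True
        elif ln.strip():
            report["notes"].append(ln.strip())
    if current_cmd is not None:      # log was cut off inside a CMD section
        report["commands"].append(current_cmd)
    return report


def failures(report):
    """Actions whose outcome text did not indicate success."""
    return [a for a in report["actions"] if not a["ok"]]


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(rep['directives'])} directives, {len(rep['actions'])} actions, "
          f"{len(rep['commands'])} commands, complete={rep['complete']}, "
          f"reboot_needed={rep['reboot_needed']}")
    for a in failures(rep):
        print(f"NEEDS REVIEW: {a['target']} -> {a['outcome']}")
```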





#6 pjnewberry

pjnewberry
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 26 August 2014 - 10:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by Pamela at 2014-08-26 10:34:53 Run:1
Running from C:\Users\Pamela\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
CustomCLSID: HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
"HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3009154357-2946078869-2494234241-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Pamela on Tue 08/26/2014 at 10:38:45.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Pamela\AppData\Roaming\mozilla\firefox\profiles\xw74g9y3.default\prefs.js
 
user_pref("extensions.2a_aa6.url", "hxxp://fasten-tech.com/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0llrMCMlNhd9Fqda5rjUFqTk7rTaMBzqUojw9rdYFpjsGqjg8qih7hfs0pihPBMn0qjr4rTs6qHs
Emptied folder: C:\Users\Pamela\AppData\Roaming\mozilla\firefox\profiles\xw74g9y3.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/26/2014 at 10:42:29.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.308 - Report created 26/08/2014 at 10:51:30
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Pamela - TOSHIBA
# Running from : C:\Users\Pamela\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10557 octets] - [20/08/2014 18:34:04]
AdwCleaner[R1].txt - [1707 octets] - [21/08/2014 17:05:22]
AdwCleaner[R2].txt - [1158 octets] - [26/08/2014 10:49:41]
AdwCleaner[S0].txt - [10341 octets] - [20/08/2014 18:39:40]
AdwCleaner[S1].txt - [1774 octets] - [21/08/2014 17:08:57]
AdwCleaner[S2].txt - [1080 octets] - [26/08/2014 10:51:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1140 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Pamela (administrator) on TOSHIBA on 26-08-2014 11:07:04
Running from C:\Users\Pamela\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
() C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Pamela\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3009154357-2946078869-2494234241-1001\...\Run: [Google Update] => "C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office 97\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EF8352071B2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: FireFTP - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-08-05]
FF Extension: Web Developer - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-08-06]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Entanglement Web App) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-07-20]
CHR Extension: (Facebook Full size Profile Pictures) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcgdkfpobnjbhhmmelbojdakpehniof [2014-08-19]
CHR Extension: (Angry Birds) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-07-20]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-20]
CHR Extension: (Google Docs) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20]
CHR Extension: (Web Developer) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-07-20]
CHR Extension: (WOT) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Cast) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Google Calendar) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-20]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-08-21]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-07-20]
CHR Extension: (Tape) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfleijdbicilompnnombcbkcgidbefb [2014-07-20]
CHR Extension: (Poppit!) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-07-20]
CHR Extension: (Ghostery) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (__MSG_extBrowserActionName__) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelggcmknbjmhkpgjfhakedcfnkgbdpg [2014-07-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [128000 2014-08-05] (Mozilla Foundation) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-31] (Microsoft Corporation)
R2 w3svc; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 11:07 - 2014-08-26 11:07 - 00018524 _____ () C:\Users\Pamela\Desktop\FRST.txt
2014-08-26 11:06 - 2014-08-26 11:06 - 00001220 _____ () C:\Users\Pamela\Desktop\AdwCleaner[S2].txt
2014-08-26 10:45 - 2014-08-26 10:45 - 01364531 _____ () C:\Users\Pamela\Downloads\AdwCleaner.exe
2014-08-26 10:45 - 2014-08-26 10:45 - 01364531 _____ () C:\Users\Pamela\Desktop\AdwCleaner.exe
2014-08-26 10:44 - 2014-08-26 10:44 - 00000882 _____ () C:\Users\Pamela\Desktop\fixlist.txt
2014-08-26 10:42 - 2014-08-26 10:42 - 00001058 _____ () C:\Users\Pamela\Desktop\JRT.txt
2014-08-26 10:38 - 2014-08-26 10:38 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 10:38 - 2014-08-26 10:37 - 01016261 _____ (Thisisu) C:\Users\Pamela\Desktop\JRT.exe
2014-08-26 10:37 - 2014-08-26 10:37 - 01016261 _____ (Thisisu) C:\Users\Pamela\Downloads\JRT.exe
2014-08-26 10:31 - 2014-08-25 13:02 - 02103296 _____ (Farbar) C:\Users\Pamela\Desktop\FRST64 (1).exe
2014-08-25 13:27 - 2014-08-25 13:27 - 00002867 _____ () C:\Users\Pamela\Desktop\aswMBR_20140825.txt
2014-08-25 13:27 - 2014-08-25 13:27 - 00000512 _____ () C:\Users\Pamela\Desktop\MBR.dat
2014-08-25 13:04 - 2014-08-25 13:04 - 05185536 _____ (AVAST Software) C:\Users\Pamela\Downloads\aswmbr.exe
2014-08-25 13:04 - 2014-08-25 13:04 - 00041079 _____ () C:\Users\Pamela\Downloads\Addition.txt
2014-08-25 13:03 - 2014-08-25 13:04 - 00083227 _____ () C:\Users\Pamela\Downloads\FRST.txt
2014-08-25 13:02 - 2014-08-25 13:02 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64 (1).exe
2014-08-25 13:01 - 2014-08-26 11:07 - 00000000 ____D () C:\FRST
2014-08-25 13:00 - 2014-08-25 13:00 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64.exe
2014-08-24 14:48 - 2014-08-25 19:51 - 00000000 ____D () C:\Users\Pamela\Documents\2013_Taxes
2014-08-21 17:41 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files\runphp
2014-08-21 17:40 - 2014-08-21 17:40 - 00000000 ____D () C:\Users\Pamela\Downloads\runphp
2014-08-21 17:37 - 2014-08-21 17:38 - 00000000 ____D () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1)
2014-08-21 17:37 - 2014-08-21 17:37 - 00000621 _____ () C:\Users\Pamela\Downloads\runphp.zip
2014-08-21 17:36 - 2014-08-21 17:37 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1).zip
2014-08-21 16:13 - 2014-08-21 16:13 - 00000000 ____D () C:\Users\Pamela\Downloads\creative-company
2014-08-21 16:05 - 2014-08-21 16:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pamela\Downloads\SpyHunter-Installer.exe
2014-08-20 18:34 - 2014-08-26 10:51 - 00000000 ____D () C:\AdwCleaner
2014-08-20 18:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-20 18:33 - 2014-08-20 18:33 - 01364531 _____ () C:\Users\Pamela\Downloads\adwcleaner_3.308.exe
2014-08-19 13:33 - 2014-08-19 13:33 - 00252565 _____ () C:\Users\Pamela\Downloads\iOS reader applications.zip
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\Users\Pamela\Downloads\tools_v6.0.9
2014-08-19 13:22 - 2014-08-19 13:22 - 01816358 _____ () C:\Users\Pamela\Downloads\tools_v6.0.9.zip
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin
2014-08-19 13:05 - 2014-08-19 13:05 - 00049357 _____ () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin.zip
2014-08-19 12:56 - 2014-08-26 10:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-19 12:56 - 2014-08-19 13:02 - 00000000 ____D () C:\ProgramData\625c78502d08bdca
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator
2014-08-19 12:45 - 2014-08-19 13:10 - 00000000 ____D () C:\Users\Pamela\AppData\Local\calibre-cache
2014-08-19 12:44 - 2014-08-19 13:34 - 00000000 ____D () C:\Users\Pamela\Documents\Calibre Library
2014-08-19 12:44 - 2014-08-19 13:28 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\calibre
2014-08-19 12:44 - 2014-08-19 12:44 - 00000943 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-08-19 12:42 - 2014-08-19 12:43 - 56419840 _____ () C:\Users\Pamela\Downloads\calibre-1.48.0.msi
2014-08-19 12:40 - 2014-08-19 13:11 - 00000000 ____D () C:\Users\Pamela\Documents\My Kindle Content
2014-08-19 12:40 - 2014-08-19 12:40 - 38157960 _____ (Amazon.com) C:\Users\Pamela\Downloads\KindleForPC-installer.exe
2014-08-19 12:40 - 2014-08-19 12:40 - 00002301 _____ () C:\Users\Pamela\Desktop\Kindle.lnk
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Amazon
2014-08-18 19:01 - 2014-08-26 11:06 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job
2014-08-18 19:01 - 2014-08-25 19:06 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job
2014-08-18 19:01 - 2014-08-18 19:01 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\GoogleVoiceAndVideoSetup (1).exe
2014-08-18 19:01 - 2014-08-18 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA
2014-08-18 19:01 - 2014-08-18 19:01 - 00003496 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core
2014-08-16 13:02 - 2014-08-16 13:02 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-16 12:59 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-16 12:00 - 2014-08-21 16:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 12:00 - 2014-08-16 12:01 - 00869456 _____ () C:\Users\Pamela\Downloads\Norton_Removal_Tool.exe
2014-08-16 12:00 - 2014-08-16 12:00 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 12:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 12:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-16 11:59 - 2014-08-16 11:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pamela\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-16 10:28 - 2014-08-18 18:23 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 10:28 - 2014-08-16 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 10:12 - 2014-08-16 10:12 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\ChromeSetup.exe
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Macromedia
2014-08-15 05:08 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 05:08 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 05:08 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 05:08 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 05:08 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 05:08 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 05:08 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 05:08 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 05:08 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 05:08 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 05:08 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 05:08 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 05:08 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 05:08 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 05:08 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 05:08 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 05:08 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 05:08 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 05:08 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 05:08 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 05:08 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 05:08 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 05:08 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 05:08 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 05:08 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 05:08 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 05:08 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 05:08 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 05:08 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 05:08 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 05:08 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 05:08 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 05:08 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 05:08 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 05:08 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 05:08 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 05:08 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 05:08 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-15 05:08 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 05:08 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-15 05:08 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-15 05:07 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:07 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:07 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-15 05:05 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-15 05:05 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-15 05:05 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-15 05:05 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-15 05:05 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-15 05:05 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-15 05:05 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-15 05:04 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 05:04 - 2014-08-06 18:39 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 05:04 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 05:04 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-15 05:04 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-15 05:04 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-15 05:04 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-15 05:04 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 05:04 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 05:04 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 05:04 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 05:04 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 05:04 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 05:04 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 05:04 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-15 05:04 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-15 05:04 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-15 05:04 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-15 05:04 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-15 05:04 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-15 05:04 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-15 05:04 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-15 05:04 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-15 05:04 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-15 05:04 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-15 05:04 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-15 05:04 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-15 05:04 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-15 05:04 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-15 05:04 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 05:04 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-15 05:04 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-15 05:04 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 05:04 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-15 05:04 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-15 05:04 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-15 05:04 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-15 05:04 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-15 05:04 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-15 05:04 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-15 05:04 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-15 05:04 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-15 05:04 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-15 05:04 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-15 05:04 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-15 05:04 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-15 05:04 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-15 05:04 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-15 05:04 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-15 05:04 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-15 05:04 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-15 05:04 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-15 05:04 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-15 05:04 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-15 05:04 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-15 05:04 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-15 05:04 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-15 05:04 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-15 05:04 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-15 05:04 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-15 05:04 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-15 05:04 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-15 05:04 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-15 05:04 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-15 05:04 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-13 18:26 - 2014-08-16 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
2014-08-13 18:26 - 2014-08-16 11:25 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-08-13 18:26 - 2014-08-13 18:26 - 05999792 _____ (Scooter Software ) C:\Users\Pamela\Downloads\BCompare-3.3.12.18414.exe
2014-08-13 18:26 - 2014-08-13 18:26 - 00000970 _____ () C:\Users\Public\Desktop\Beyond Compare 3.lnk
2014-08-13 18:26 - 2014-08-13 18:26 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Scooter Software
2014-08-13 15:42 - 2014-08-13 15:42 - 00218511 _____ () C:\Users\Pamela\Downloads\Tahoma.ttf
2014-08-13 15:38 - 2014-08-13 15:38 - 00035262 _____ () C:\Windows\Pamela.acl
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-11 09:44 - 2014-08-11 09:44 - 00001799 _____ () C:\Users\Pamela\Downloads\NightCircus9780385534642.acsm
2014-08-07 15:36 - 2014-08-07 15:36 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 15:36 - 2014-08-07 15:36 - 00001077 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 11:33 - 2014-08-07 11:33 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-strongly-typed
2014-08-07 11:27 - 2014-08-07 11:27 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-striped
2014-08-06 20:15 - 2014-08-06 20:15 - 00492367 _____ () C:\Users\Pamela\Downloads\html5up-striped.zip
2014-08-06 20:14 - 2014-08-06 20:14 - 00603815 _____ () C:\Users\Pamela\Downloads\html5up-strongly-typed.zip
2014-08-06 20:11 - 2014-08-06 20:11 - 00651375 _____ () C:\Users\Pamela\Downloads\zCumbeton.rar
2014-08-06 19:47 - 2014-08-06 19:47 - 00848491 _____ () C:\Users\Pamela\Downloads\point02.zip
2014-08-06 19:46 - 2014-08-06 19:46 - 01995836 _____ () C:\Users\Pamela\Downloads\caprice.zip
2014-08-06 19:30 - 2014-08-06 19:30 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86.zip
2014-08-06 19:11 - 2014-08-06 19:11 - 00000000 ____D () C:\Users\Pamela\Downloads\moderna_bt
2014-08-06 17:22 - 2014-08-06 17:22 - 01616261 _____ () C:\Users\Pamela\Downloads\moderna_bt.zip
2014-08-05 14:26 - 2014-08-05 14:29 - 00000000 ____D () C:\Program Files\Nightly
2014-08-05 14:25 - 2014-08-05 14:25 - 39713178 _____ () C:\Users\Pamela\Downloads\firefox-34.0a1.en-US.win64-x86_64.installer.exe
2014-08-05 13:58 - 2014-08-05 14:13 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 13:54 - 2014-08-05 14:13 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Mozilla
2014-08-05 13:53 - 2014-08-05 13:53 - 32239888 _____ () C:\Users\Pamela\Downloads\Firefox Setup 31.0.exe
2014-08-05 13:35 - 2014-08-05 13:35 - 00244120 _____ () C:\Users\Pamela\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 14:53 - 2014-08-04 14:53 - 00000000 ____D () C:\Users\Pamela\Documents\creative-company
2014-08-04 14:51 - 2014-08-04 14:53 - 00580883 _____ () C:\Users\Pamela\Downloads\creative-company.zip
2014-08-04 14:29 - 2014-08-04 14:29 - 00000000 ____D () C:\Users\Pamela\Documents\captivate
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 14:23 - 2014-08-04 14:23 - 01376768 _____ () C:\Users\Pamela\Downloads\7z920-x64.msi
2014-08-04 14:20 - 2014-08-04 14:20 - 00228839 _____ () C:\Users\Pamela\Downloads\captivate.7z
2014-08-02 19:00 - 2014-08-02 19:00 - 00001777 _____ () C:\Users\Pamela\Downloads\GoldfinchANovel9780316248679.acsm
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Sun
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 15:20 - 2014-08-01 15:20 - 00918952 _____ (Oracle Corporation) C:\Users\Pamela\Downloads\chromeinstall-7u65.exe
2014-08-01 15:19 - 2014-08-01 15:19 - 00001784 _____ () C:\Users\Pamela\Downloads\Printer-Jumpstart.jnlp
2014-07-31 18:31 - 2014-07-31 18:31 - 00025667 _____ () C:\Users\Pamela\Downloads\NCS_Clients.xlsx
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\My Web Sites
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\IISExpress
2014-07-31 16:56 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-07-31 16:56 - 2014-08-11 18:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft Corporation
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-07-31 16:55 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb.exe
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb (1).exe
2014-07-31 16:45 - 2014-07-31 16:45 - 01017600 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\vns_full.exe
2014-07-31 16:42 - 2014-07-31 16:42 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack (1).exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-07-31 16:15 - 2014-07-31 16:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-31 16:14 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-31 16:14 - 2014-07-31 16:14 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2014-07-31 16:14 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:14 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:14 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2014-07-31 16:14 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:14 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:13 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-07-31 16:13 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\.NET v2.0
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:13 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Local\Google
2014-07-31 16:13 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Local\Google
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:12 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-07-31 16:12 - 2014-07-31 16:12 - 00974976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-31 16:12 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:12 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:12 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Local\Google
2014-07-31 16:12 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:12 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:12 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:11 - 2014-07-31 16:14 - 00052174 _____ () C:\Windows\iis.log
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\inetpub
2014-07-30 18:59 - 2014-08-05 10:19 - 00000000 ____D () C:\Users\Pamela\AppData\Local\CrashDumps
2014-07-30 12:51 - 2014-07-30 13:27 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\TeamViewer
2014-07-30 12:50 - 2014-07-30 12:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-30 12:49 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en (1).exe
2014-07-30 12:48 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en.exe
2014-07-29 14:38 - 2014-07-29 14:38 - 00131584 _____ () C:\Windows\SysWOW64\vsflex8d.oca
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 11:07 - 2014-08-26 11:07 - 00018524 _____ () C:\Users\Pamela\Desktop\FRST.txt
2014-08-26 11:07 - 2014-08-25 13:01 - 00000000 ____D () C:\FRST
2014-08-26 11:06 - 2014-08-26 11:06 - 00001220 _____ () C:\Users\Pamela\Desktop\AdwCleaner[S2].txt
2014-08-26 11:06 - 2014-08-18 19:01 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job
2014-08-26 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-26 10:58 - 2014-07-20 18:28 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3114B720-DA75-4FC5-BE52-C11EC9F56BF1}
2014-08-26 10:53 - 2014-07-20 18:24 - 00000000 ___DO () C:\Users\Pamela\OneDrive
2014-08-26 10:52 - 2014-05-21 03:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 10:52 - 2014-04-09 00:06 - 00791728 _____ () C:\Windows\PFRO.log
2014-08-26 10:52 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 10:52 - 2013-08-22 10:44 - 00479904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 10:52 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-26 10:51 - 2014-08-20 18:34 - 00000000 ____D () C:\AdwCleaner
2014-08-26 10:51 - 2014-05-21 03:37 - 00425486 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-26 10:49 - 2014-05-21 03:08 - 01563283 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 10:45 - 2014-08-26 10:45 - 01364531 _____ () C:\Users\Pamela\Downloads\AdwCleaner.exe
2014-08-26 10:45 - 2014-08-26 10:45 - 01364531 _____ () C:\Users\Pamela\Desktop\AdwCleaner.exe
2014-08-26 10:44 - 2014-08-26 10:44 - 00000882 _____ () C:\Users\Pamela\Desktop\fixlist.txt
2014-08-26 10:42 - 2014-08-26 10:42 - 00001058 _____ () C:\Users\Pamela\Desktop\JRT.txt
2014-08-26 10:38 - 2014-08-26 10:38 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 10:37 - 2014-08-26 10:38 - 01016261 _____ (Thisisu) C:\Users\Pamela\Desktop\JRT.exe
2014-08-26 10:37 - 2014-08-26 10:37 - 01016261 _____ (Thisisu) C:\Users\Pamela\Downloads\JRT.exe
2014-08-26 10:36 - 2014-08-19 12:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-26 10:34 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-26 10:23 - 2014-05-21 03:47 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 19:51 - 2014-08-24 14:48 - 00000000 ____D () C:\Users\Pamela\Documents\2013_Taxes
2014-08-25 19:06 - 2014-08-18 19:01 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job
2014-08-25 14:14 - 2014-07-21 10:33 - 00000035 _____ () C:\Windows\vbaddin.ini
2014-08-25 13:52 - 2014-07-20 18:27 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3009154357-2946078869-2494234241-1001
2014-08-25 13:27 - 2014-08-25 13:27 - 00002867 _____ () C:\Users\Pamela\Desktop\aswMBR_20140825.txt
2014-08-25 13:27 - 2014-08-25 13:27 - 00000512 _____ () C:\Users\Pamela\Desktop\MBR.dat
2014-08-25 13:04 - 2014-08-25 13:04 - 05185536 _____ (AVAST Software) C:\Users\Pamela\Downloads\aswmbr.exe
2014-08-25 13:04 - 2014-08-25 13:04 - 00041079 _____ () C:\Users\Pamela\Downloads\Addition.txt
2014-08-25 13:04 - 2014-08-25 13:03 - 00083227 _____ () C:\Users\Pamela\Downloads\FRST.txt
2014-08-25 13:02 - 2014-08-26 10:31 - 02103296 _____ (Farbar) C:\Users\Pamela\Desktop\FRST64 (1).exe
2014-08-25 13:02 - 2014-08-25 13:02 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64 (1).exe
2014-08-25 13:00 - 2014-08-25 13:00 - 02103296 _____ (Farbar) C:\Users\Pamela\Downloads\FRST64.exe
2014-08-25 12:58 - 2014-07-21 15:59 - 00000000 ____D () C:\Users\Pamela\Documents\2012_Taxes
2014-08-25 11:33 - 2014-07-21 16:01 - 00000000 ____D () C:\Users\Pamela\Documents\Invoices_Spreadsheets
2014-08-25 04:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-22 19:04 - 2014-07-23 17:57 - 00177660 _____ () C:\Users\Pamela\Documents\Database.kdb
2014-08-21 17:41 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files\runphp
2014-08-21 17:41 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-08-21 17:40 - 2014-08-21 17:40 - 00000000 ____D () C:\Users\Pamela\Downloads\runphp
2014-08-21 17:38 - 2014-08-21 17:37 - 00000000 ____D () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1)
2014-08-21 17:37 - 2014-08-21 17:37 - 00000621 _____ () C:\Users\Pamela\Downloads\runphp.zip
2014-08-21 17:37 - 2014-08-21 17:36 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1).zip
2014-08-21 16:13 - 2014-08-21 16:13 - 00000000 ____D () C:\Users\Pamela\Downloads\creative-company
2014-08-21 16:06 - 2014-08-16 12:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 16:05 - 2014-08-21 16:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pamela\Downloads\SpyHunter-Installer.exe
2014-08-20 18:33 - 2014-08-20 18:33 - 01364531 _____ () C:\Users\Pamela\Downloads\adwcleaner_3.308.exe
2014-08-20 17:25 - 2014-07-20 18:25 - 00002173 _____ () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-20 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2014-08-19 13:34 - 2014-08-19 12:44 - 00000000 ____D () C:\Users\Pamela\Documents\Calibre Library
2014-08-19 13:33 - 2014-08-19 13:33 - 00252565 _____ () C:\Users\Pamela\Downloads\iOS reader applications.zip
2014-08-19 13:28 - 2014-08-19 12:44 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\calibre
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\Users\Pamela\Downloads\tools_v6.0.9
2014-08-19 13:22 - 2014-08-19 13:22 - 01816358 _____ () C:\Users\Pamela\Downloads\tools_v6.0.9.zip
2014-08-19 13:11 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\Documents\My Kindle Content
2014-08-19 13:10 - 2014-08-19 12:45 - 00000000 ____D () C:\Users\Pamela\AppData\Local\calibre-cache
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin
2014-08-19 13:05 - 2014-08-19 13:05 - 00049357 _____ () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin.zip
2014-08-19 13:02 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\625c78502d08bdca
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator
2014-08-19 12:56 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Google
2014-08-19 12:56 - 2014-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-19 12:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-19 12:44 - 2014-08-19 12:44 - 00000943 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-08-19 12:43 - 2014-08-19 12:42 - 56419840 _____ () C:\Users\Pamela\Downloads\calibre-1.48.0.msi
2014-08-19 12:40 - 2014-08-19 12:40 - 38157960 _____ (Amazon.com) C:\Users\Pamela\Downloads\KindleForPC-installer.exe
2014-08-19 12:40 - 2014-08-19 12:40 - 00002301 _____ () C:\Users\Pamela\Desktop\Kindle.lnk
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Amazon
2014-08-18 19:01 - 2014-08-18 19:01 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\GoogleVoiceAndVideoSetup (1).exe
2014-08-18 19:01 - 2014-08-18 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA
2014-08-18 19:01 - 2014-08-18 19:01 - 00003496 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core
2014-08-18 19:01 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Mozilla
2014-08-18 18:23 - 2014-08-16 10:28 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 17:24 - 2014-07-21 14:50 - 00000000 ___RD () C:\Users\Pamela\Google Drive
2014-08-18 17:24 - 2014-05-21 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-16 13:02 - 2014-08-16 13:02 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-16 13:00 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-16 12:55 - 2014-05-21 03:51 - 00000000 ____D () C:\ProgramData\Norton
2014-08-16 12:54 - 2014-05-21 03:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-16 12:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-16 12:01 - 2014-08-16 12:00 - 00869456 _____ () C:\Users\Pamela\Downloads\Norton_Removal_Tool.exe
2014-08-16 12:00 - 2014-08-16 12:00 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 11:59 - 2014-08-16 11:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pamela\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-16 11:47 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-16 11:29 - 2014-07-20 18:20 - 00000000 ____D () C:\Users\Pamela
2014-08-16 11:27 - 2014-07-31 16:14 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-16 11:27 - 2014-07-31 16:13 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-08-16 11:27 - 2014-07-31 16:13 - 00000000 ____D () C:\Users\.NET v2.0
2014-08-16 11:27 - 2014-07-31 16:12 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-16 11:27 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2014-08-16 11:26 - 2014-05-21 03:51 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SystemResources
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Shared
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-16 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-16 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2014-08-16 11:25 - 2014-08-16 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 11:25 - 2014-08-13 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
2014-08-16 11:25 - 2014-08-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-08-16 11:25 - 2014-07-23 18:04 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\KeePass
2014-08-16 11:25 - 2014-07-20 19:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 11:25 - 2014-07-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-16 11:25 - 2014-07-20 18:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 97
2014-08-16 11:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
2014-08-16 11:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-16 11:15 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2014-08-16 11:08 - 2014-07-20 18:21 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Adobe
2014-08-16 10:22 - 2014-04-09 00:21 - 00949458 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 10:12 - 2014-08-16 10:12 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\ChromeSetup.exe
2014-08-15 15:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Macromedia
2014-08-15 14:06 - 2014-07-21 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 14:03 - 2014-07-21 15:34 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 05:04 - 2014-04-09 00:19 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-15 05:02 - 2014-07-21 14:48 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-15 05:01 - 2014-04-09 00:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 05:01 - 2014-04-09 00:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 05:01 - 2014-04-09 00:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 05:01 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 05:01 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 05:01 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 05:01 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 05:01 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 05:01 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 05:01 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 05:01 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 05:01 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 05:01 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 05:01 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 05:01 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 05:01 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 18:26 - 2014-08-13 18:26 - 05999792 _____ (Scooter Software ) C:\Users\Pamela\Downloads\BCompare-3.3.12.18414.exe
2014-08-13 18:26 - 2014-08-13 18:26 - 00000970 _____ () C:\Users\Public\Desktop\Beyond Compare 3.lnk
2014-08-13 18:26 - 2014-08-13 18:26 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Scooter Software
2014-08-13 15:42 - 2014-08-13 15:42 - 00218511 _____ () C:\Users\Pamela\Downloads\Tahoma.ttf
2014-08-13 15:38 - 2014-08-13 15:38 - 00035262 _____ () C:\Windows\Pamela.acl
2014-08-13 09:15 - 2014-07-21 14:03 - 00000000 ____D () C:\Program Files (x86)\HealthCalls
2014-08-12 14:40 - 2013-08-22 09:25 - 00000188 _____ () C:\Windows\win.ini
2014-08-11 18:28 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft WebMatrix
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-11 09:44 - 2014-08-11 09:44 - 00001799 _____ () C:\Users\Pamela\Downloads\NightCircus9780385534642.acsm
2014-08-07 15:36 - 2014-08-07 15:36 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 15:36 - 2014-08-07 15:36 - 00001077 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 11:33 - 2014-08-07 11:33 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-strongly-typed
2014-08-07 11:27 - 2014-08-07 11:27 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-striped
2014-08-06 22:12 - 2014-08-15 05:04 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-06 20:15 - 2014-08-06 20:15 - 00492367 _____ () C:\Users\Pamela\Downloads\html5up-striped.zip
2014-08-06 20:14 - 2014-08-06 20:14 - 00603815 _____ () C:\Users\Pamela\Downloads\html5up-strongly-typed.zip
2014-08-06 20:11 - 2014-08-06 20:11 - 00651375 _____ () C:\Users\Pamela\Downloads\zCumbeton.rar
2014-08-06 19:47 - 2014-08-06 19:47 - 00848491 _____ () C:\Users\Pamela\Downloads\point02.zip
2014-08-06 19:46 - 2014-08-06 19:46 - 01995836 _____ () C:\Users\Pamela\Downloads\caprice.zip
2014-08-06 19:30 - 2014-08-06 19:30 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86.zip
2014-08-06 19:11 - 2014-08-06 19:11 - 00000000 ____D () C:\Users\Pamela\Downloads\moderna_bt
2014-08-06 18:39 - 2014-08-15 05:04 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-06 17:22 - 2014-08-06 17:22 - 01616261 _____ () C:\Users\Pamela\Downloads\moderna_bt.zip
2014-08-05 14:29 - 2014-08-05 14:26 - 00000000 ____D () C:\Program Files\Nightly
2014-08-05 14:29 - 2014-07-20 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 14:25 - 2014-08-05 14:25 - 39713178 _____ () C:\Users\Pamela\Downloads\firefox-34.0a1.en-US.win64-x86_64.installer.exe
2014-08-05 14:14 - 2014-08-05 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 14:13 - 2014-08-05 13:58 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 14:13 - 2014-08-05 13:54 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Mozilla
2014-08-05 13:53 - 2014-08-05 13:53 - 32239888 _____ () C:\Users\Pamela\Downloads\Firefox Setup 31.0.exe
2014-08-05 13:35 - 2014-08-05 13:35 - 00244120 _____ () C:\Users\Pamela\Downloads\Firefox Setup Stub 31.0.exe
2014-08-05 10:19 - 2014-07-30 18:59 - 00000000 ____D () C:\Users\Pamela\AppData\Local\CrashDumps
2014-08-04 14:53 - 2014-08-04 14:53 - 00000000 ____D () C:\Users\Pamela\Documents\creative-company
2014-08-04 14:53 - 2014-08-04 14:51 - 00580883 _____ () C:\Users\Pamela\Downloads\creative-company.zip
2014-08-04 14:29 - 2014-08-04 14:29 - 00000000 ____D () C:\Users\Pamela\Documents\captivate
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 14:23 - 2014-08-04 14:23 - 01376768 _____ () C:\Users\Pamela\Downloads\7z920-x64.msi
2014-08-04 14:20 - 2014-08-04 14:20 - 00228839 _____ () C:\Users\Pamela\Downloads\captivate.7z
2014-08-04 13:15 - 2014-07-21 16:00 - 00000000 ____D () C:\Users\Pamela\Documents\AutoReports
2014-08-02 19:00 - 2014-08-02 19:00 - 00001777 _____ () C:\Users\Pamela\Downloads\GoldfinchANovel9780316248679.acsm
2014-08-01 23:56 - 2014-08-15 05:04 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-01 23:11 - 2014-08-15 05:04 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-01 20:17 - 2014-07-21 15:42 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:17 - 2014-07-21 15:42 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Sun
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 15:20 - 2014-08-01 15:20 - 00918952 _____ (Oracle Corporation) C:\Users\Pamela\Downloads\chromeinstall-7u65.exe
2014-08-01 15:19 - 2014-08-01 15:19 - 00001784 _____ () C:\Users\Pamela\Downloads\Printer-Jumpstart.jnlp
2014-07-31 18:31 - 2014-07-31 18:31 - 00025667 _____ () C:\Users\Pamela\Downloads\NCS_Clients.xlsx
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\My Web Sites
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\IISExpress
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft Corporation
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-07-31 16:56 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb.exe
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb (1).exe
2014-07-31 16:45 - 2014-07-31 16:45 - 01017600 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\vns_full.exe
2014-07-31 16:42 - 2014-07-31 16:42 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack (1).exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-07-31 16:21 - 2013-08-22 10:46 - 00016885 _____ () C:\Windows\setupact.log
2014-07-31 16:15 - 2014-07-31 16:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-31 16:14 - 2014-07-31 16:14 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2014-07-31 16:14 - 2014-07-31 16:11 - 00052174 _____ () C:\Windows\iis.log
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2014-07-31 16:12 - 2014-07-31 16:12 - 00974976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\inetpub
2014-07-31 16:10 - 2014-04-09 00:28 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-07-31 16:10 - 2014-04-09 00:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2014-07-31 16:10 - 2014-04-09 00:28 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2014-07-31 16:10 - 2013-08-22 07:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\aspperf.dll
2014-07-31 16:10 - 2013-08-21 23:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspperf.dll
2014-07-30 13:27 - 2014-07-30 12:51 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\TeamViewer
2014-07-30 12:50 - 2014-07-30 12:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-30 12:49 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en (1).exe
2014-07-30 12:49 - 2014-07-30 12:48 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en.exe
2014-07-29 14:38 - 2014-07-29 14:38 - 00131584 _____ () C:\Windows\SysWOW64\vsflex8d.oca
2014-07-29 14:38 - 2014-07-21 14:01 - 00069120 _____ () C:\Windows\SysWOW64\DBLIST32.oca
2014-07-29 14:38 - 2014-07-21 14:01 - 00048640 _____ () C:\Windows\SysWOW64\MSMASK32.oca
2014-07-29 14:38 - 2014-07-21 14:01 - 00043008 _____ () C:\Windows\SysWOW64\TABCTL32.oca
2014-07-28 19:33 - 2014-07-20 18:20 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Packages
2014-07-28 18:39 - 2014-07-21 13:25 - 00076288 _____ () C:\Windows\SysWOW64\MSFLXGRD.oca
2014-07-28 18:39 - 2014-07-21 13:25 - 00062464 _____ () C:\Windows\SysWOW64\DBGRID32.oca
 
Some content of TEMP:
====================
C:\Users\Pamela\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 02:34
 
==================== End Of Log ============================
 
There's the files. And as always I greatly appreciate your help.
Pam
 
 


#7 pjnewberry


Posted 26 August 2014 - 10:17 AM

Pystryker, 

I did want to mention one thing. I thought I had saved the fixlist.txt to my desktop before I started the first FRST program. But when I looked for it, I could not find it. So I saved the file again to my desktop. So there is a chance that the first FRST program ran without the Fixlist.txt file. The last one had the file for sure. If I need to redo the above steps, I'll be glad to do it. I hope this did not mess things up.

Please advise.

Pam



#8 pystryker


Posted 26 August 2014 - 06:50 PM

Pystryker, 
I did want to mention one thing. I thought I had saved the fixlist.txt to my desktop before I started the first FRST program. But when I looked for it, I could not find it. So I saved the file again to my desktop. So there is a chance that the first FRST program ran without the Fixlist.txt file. The last one had the file for sure. If I need to redo the above steps, I'll be glad to do it. I hope this did not mess things up.
Please advise.
Pam

No worries :) The fixlog you provided shows that it executed just fine and removed the items that needed to go.

How is the machine running now?

Let's run a sweep for remnants and check for any out of date programs on your machine.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#9 pjnewberry


Posted 27 August 2014 - 08:45 AM


I downloaded the free version of Malwarebytes and that version does not appear to have the functionality to view the log files. So I did my best to give you a text version of the file. It seems the formatting goes away when I copied it to this window. If you know of something I can do to make this easier, I'll be glad to do it. I did notice there was a file that I downloaded listed. I downloaded it but did not install it.
 
2014/08/26 20:02:06 -0400
mbam-log-2014-08-26 (20-02-05).xml
yes
 
<?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>
-<header>
<date>2014/08/26 20:02:06 -0400</date>
<logfile>mbam-log-2014-08-26 (20-02-05).xml</logfile>
<isadmin>yes</isadmin>
</header>
-<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.26.09</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
-<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Pamela</username>
<filesys>NTFS</filesys>
</system>
-<summary>
<type>threat</type>
<result>completed</result>
<objects>483832</objects>
<time>768</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
-<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
-<items>
-<file>
<path>C:\Users\Pamela\Downloads\rarextractorfree_setup.exe</path>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<hash>37625d6caccf3bfb7d7c026ff30f7b85</hash>
</file>
</items>
</mbam-log>
 
 
*******Note from Pam ******************
The instructions for the ESET online scanner did not exactly match what I saw so I tried my best to make logical choices when presented with things I wasn't sure about. 
When you first load the program (in IE) you are given two options: 1. Enable detection of potentially unwanted applications or 2. Disable detection of potentially unwanted application.
I selected the first option.
Then you have to select advanced setting to get the other options.
Just thought you might want to know that the instructions have been revised a bit.
*********End of note from Pam ****************** 
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=77b7eb56f3828341bfa1f52a98900a7d
# engine=19867
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-27 01:21:11
# local_time=2014-08-27 09:21:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 12603992 0 0
# scanned=189028
# found=4
# cleaned=0
# scan_time=1897
sh=5BB4A35F294E107519D499BAE9FD75ADF0A70F1F ft=1 fh=c71c00118cfdf25e vn="a variant of Win32/AdWare.MultiPlug.BT application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Adblocker\Zqqbz.exe.vir"
sh=558B3249959E3C2FF057C48017C9E35972163940 ft=1 fh=c71c00116e1ca309 vn="a variant of Win32/AdWare.MultiPlug.BT application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MySearch\9zfeaASy.exe.vir"
sh=1C9B08AA8596ECBF134A6D9C0D0A7A6C6220028E ft=1 fh=c71c0011809b15c9 vn="a variant of Win32/AdWare.MultiPlug.BT application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MySearch\qVQQk.exe.vir"
sh=840B4C6C91F08BEE6616709E2755915B8F59DCA0 ft=1 fh=c71c001170d0bfc1 vn="a variant of Win32/AdWare.MultiPlug.BT application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\pricechaoop\ZADj.exe.vir"
 
 
 

 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
Again, thanks for the help. I'll be interested in knowing what to do to stop this from happening. 

Edited by pjnewberry, 27 August 2014 - 08:55 AM.
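The ESET Online Scanner log posted above can be triaged mechanically. The following is an added example, not part of the original thread and not ESET's own tooling: it parses the `# key=value` header and the `sh=... vn="..." fn="..."` detection lines, compares the recorded scan options against the settings requested in Step 2, and separates detections that sit in a cleanup tool's quarantine folder from ones at a live path. The mapping of option names to header keys and the quarantine-path heuristic are assumptions; the sample log is constructed, with placeholder hashes.

```python
import re

# Settings requested in Step 2 of the instructions, mapped onto the
# "# key=value" header names seen in the posted log. The mapping is an
# assumption based on the key names, not documented ESET behaviour.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Constructed sample in the same layout as the posted log.
# Hash values are placeholders, paths are illustrative.
SAMPLE_LOG = r'''# product=EOS
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=189028
# found=2
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/AdWare.MultiPlug.BT application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Example\sample.exe.vir"
sh=1111111111111111111111111111111111111111 ft=1 fh=1111111111111111 vn="a variant of Win32/AdWare.MultiPlug.BT application" ac=I fn="C:\ProgramData\Example\live.exe"
'''

# key=value pairs where the value is either a quoted string or a bare token.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return header, detections


def option_mismatches(header, requested=REQUESTED):
    """Map each option that differs to a (requested, recorded) tuple."""
    return {
        key: (want, header.get(key, "<missing>"))
        for key, want in requested.items()
        if header.get(key, "").lower() != want
    }


def is_quarantined(path):
    # Heuristic (assumption): a copy held under a "Quarantine" folder is a
    # leftover from an earlier cleanup, not a file still in its original place.
    return "\\quarantine\\" in path.lower()


def triage(text):
    """Summarise option mismatches and split detections by location."""
    header, detections = parse_eset_log(text)
    paths = [d.get("fn", "") for d in detections]
    return {
        "mismatches": option_mismatches(header),
        "count_matches_header": str(len(detections)) == header.get("found"),
        "quarantined": [p for p in paths if is_quarantined(p)],
        "live": [p for p in paths if not is_quarantined(p)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, (want, got) in result["mismatches"].items():
        print(f"option {key}: requested {want}, log shows {got}")
    print("quarantined copies:", len(result["quarantined"]))
    for path in result["live"]:
        print("needs review:", path)
```
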


#10 pystryker


Posted 27 August 2014 - 09:54 PM

The instructions for the ESET online scanner did not exactly match what I saw so I tried my best to make logical choices when presented with things I wasn't sure about.
When you first load the program (in IE) you are given two options: 1. Enable detection of potentially unwanted applications or 2. Disable detection of potentially unwanted application.
I selected the first option.
Then you have to select advanced setting to get the other options.
Just thought you might want to know that the instructions have been revised a bit.


I appreciate you letting me know. They tweak those things sometimes and it's crazy sometimes trying to keep them updated.

 

Again, thanks for the help. I'll be interested in knowing what to do to stop this from happening.


You're quite welcome. :) I've got some information below to help you reduce your chances of getting infected again.



Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I also have some tips and information to reduce your chances of infection.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Java Warning, Program Update, and Installation of Filehippo


A word about Java


Your current version of Java is out of date, however, please read the information below before updating it.


Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser

If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Are there any further issues I can assist you with?






#11 pjnewberry


Posted 28 August 2014 - 09:52 AM

I have removed Java and added the programs you suggested. I still seem to have a few issues:
1. When I opened the link to Disable Java, I once again had the AdChoice ad in the middle of the screen.
2. When trying to remove Java from IE, I was not able to complete the instructions. I disabled UAC and then opened Java from the Control Panel. When I tried to uncheck the two checkboxes, I was able to uncheck the Mozilla option but not the Internet Explorer. That box is actually greyed out so will not let me uncheck the box. I did uncheck the Mozilla option, did the apply and ok. But when I returned it was still set. It might have something to do with "run as admin" but I did not see how to do that. And I'm actually running with admin rights. 
 
Other than that everything went great. Thanks for everything and hopefully I'll not get in this again. I DO know to look carefully at all the boxes, etc when installing but I think they are getting very sneaky and putting the options in places where you do not expect them. It's not like it used to be for sure. But I'll redouble my efforts to do a better job of verifying each and every new install. 
 
Again thanks and I look forward to your response to this nagging issue of the AdChoice in Chrome.
Pam
 
# DelFix v10.8 - Logfile created 28/08/2014 at 10:26:22
# Updated 29/07/2014 by Xplode
# Username : Pamela - TOSHIBA
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Pamela\Desktop\AdwCleaner.exe
Deleted : C:\Users\Pamela\Desktop\aswMBR_20140825.txt
Deleted : C:\Users\Pamela\Desktop\FRST64 (1).exe
Deleted : C:\Users\Pamela\Desktop\JRT.exe
Deleted : C:\Users\Pamela\Downloads\Addition.txt
Deleted : C:\Users\Pamela\Downloads\AdwCleaner.exe
Deleted : C:\Users\Pamela\Downloads\adwcleaner_3.308.exe
Deleted : C:\Users\Pamela\Downloads\aswmbr.exe
Deleted : C:\Users\Pamela\Downloads\FRST.txt
Deleted : C:\Users\Pamela\Downloads\FRST64 (1).exe
Deleted : C:\Users\Pamela\Downloads\FRST64.exe
Deleted : C:\Users\Pamela\Downloads\JRT.exe
Deleted : C:\Users\Pamela\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #8 [Installed calibre | 08/19/2014 16:43:43]
Deleted : RP #9 [Windows Update | 08/28/2014 00:04:10]
 
New restore point created !
 
########## - EOF - ##########


#12 pystryker


Posted 28 August 2014 - 07:00 PM

1. When I opened the link to Disable Java, I once again had the AdChoice ad in the middle of the screen.

Ok, we'll deal with the Java issue in a bit. Let's get a fresh scan with FRST and see what's going on.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. Please download the 64-bit version for your machine

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  • Please copy and paste both logs back here.
Things I need to see in your next post

Fresh FRST Log

Addition.txt Log






#13 pjnewberry


Posted 29 August 2014 - 11:23 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Pamela (administrator) on TOSHIBA on 29-08-2014 12:19:47
Running from C:\Users\Pamela\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
() C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.3.1407.252_x86__8wekyb3d8bbwe\Solitaire.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3009154357-2946078869-2494234241-1001\...\Run: [Google Update] => "C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3009154357-2946078869-2494234241-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office 97\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EF8352071B2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - {296C838C-04C2-4603-A5BE-7A7A7E803E59} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pamela\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: FireFTP - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-08-05]
FF Extension: Web Developer - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\xw74g9y3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-08-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/#inbox"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Pamela\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
CHR Profile: C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-07-20]
CHR Extension: (Facebook Full size Profile Pictures) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcgdkfpobnjbhhmmelbojdakpehniof [2014-08-19]
CHR Extension: (Angry Birds) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-07-20]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-20]
CHR Extension: (Google Docs) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drive) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20]
CHR Extension: (Web Developer) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-07-20]
CHR Extension: (WOT) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Cast) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-20]
CHR Extension: (Google Search) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Google Calendar) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-20]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-08-21]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-07-20]
CHR Extension: (Tape) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfleijdbicilompnnombcbkcgidbefb [2014-07-20]
CHR Extension: (Poppit!) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-07-20]
CHR Extension: (Ghostery) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (__MSG_extBrowserActionName__) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelggcmknbjmhkpgjfhakedcfnkgbdpg [2014-07-20]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [128000 2014-08-05] (Mozilla Foundation) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624 2014-08-28] (RaMMicHaeL)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-31] (Microsoft Corporation)
R2 w3svc; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-29 12:19 - 2014-08-29 12:20 - 00021888 _____ () C:\Users\Pamela\Desktop\FRST.txt
2014-08-29 12:19 - 2014-08-29 12:19 - 00000000 ____D () C:\FRST
2014-08-29 12:18 - 2014-08-29 12:18 - 02103296 _____ (Farbar) C:\Users\Pamela\Desktop\FRST64.exe
2014-08-28 19:50 - 2014-08-28 19:50 - 00664868 _____ () C:\Users\Pamela\Downloads\zCumbeton_zerotheme.com.zip
2014-08-28 19:50 - 2014-08-28 19:50 - 00000000 ____D () C:\Users\Pamela\Downloads\zCumbeton_zerotheme.com
2014-08-28 16:21 - 2014-08-28 18:09 - 00000000 ____D () C:\Users\Pamela\Downloads\responsive-nav
2014-08-28 16:21 - 2014-08-28 16:21 - 00006729 _____ () C:\Users\Pamela\Downloads\responsive-nav.zip
2014-08-28 12:50 - 2014-08-28 12:50 - 00204568 _____ () C:\Users\Pamela\Downloads\bootstrap-3.2.0-dist.zip
2014-08-28 10:53 - 2014-08-28 10:54 - 00000000 ____D () C:\Users\Pamela\Desktop\Needed
2014-08-28 10:39 - 2014-08-28 10:39 - 00695920 _____ (RaMMicHaeL) C:\Users\Pamela\Downloads\unchecky_setup.exe
2014-08-28 10:39 - 2014-08-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-08-28 10:39 - 2014-08-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-08-28 10:38 - 2014-08-28 10:38 - 00001986 _____ () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-28 10:38 - 2014-08-28 10:38 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-28 10:37 - 2014-08-28 10:37 - 00264757 _____ () C:\Users\Pamela\Downloads\FHSetup.exe
2014-08-28 10:28 - 2014-08-28 10:28 - 04901352 _____ (Piriform Ltd) C:\Users\Pamela\Downloads\ccsetup417.exe
2014-08-28 10:26 - 2014-08-28 10:26 - 00001187 _____ () C:\DelFix.txt
2014-08-27 08:46 - 2014-08-27 08:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 17:22 - 2014-08-26 18:40 - 00000000 ____D () C:\Users\Pamela\Downloads\Backgrounds
2014-08-26 16:27 - 2014-08-26 16:27 - 01898640 _____ (Irfan Skiljan) C:\Users\Pamela\Downloads\iview438_setup (1).exe
2014-08-26 16:20 - 2014-08-26 16:20 - 01898640 _____ (Irfan Skiljan) C:\Users\Pamela\Downloads\iview438_setup.exe
2014-08-26 13:56 - 2014-08-26 13:56 - 00000000 ____D () C:\Users\Pamela\Downloads\zCumbeton
2014-08-26 10:38 - 2014-08-28 10:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 14:48 - 2014-08-25 19:51 - 00000000 ____D () C:\Users\Pamela\Documents\2013_Taxes
2014-08-21 17:41 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files\runphp
2014-08-21 17:40 - 2014-08-21 17:40 - 00000000 ____D () C:\Users\Pamela\Downloads\runphp
2014-08-21 17:37 - 2014-08-21 17:38 - 00000000 ____D () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1)
2014-08-21 17:37 - 2014-08-21 17:37 - 00000621 _____ () C:\Users\Pamela\Downloads\runphp.zip
2014-08-21 16:13 - 2014-08-21 16:13 - 00000000 ____D () C:\Users\Pamela\Downloads\creative-company
2014-08-21 16:05 - 2014-08-21 16:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pamela\Downloads\SpyHunter-Installer.exe
2014-08-20 18:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-19 13:33 - 2014-08-19 13:33 - 00252565 _____ () C:\Users\Pamela\Downloads\iOS reader applications.zip
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\Users\Pamela\Downloads\tools_v6.0.9
2014-08-19 13:22 - 2014-08-19 13:22 - 01816358 _____ () C:\Users\Pamela\Downloads\tools_v6.0.9.zip
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin
2014-08-19 13:05 - 2014-08-19 13:05 - 00049357 _____ () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin.zip
2014-08-19 12:56 - 2014-08-26 10:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-19 12:56 - 2014-08-19 13:02 - 00000000 ____D () C:\ProgramData\625c78502d08bdca
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator
2014-08-19 12:45 - 2014-08-19 13:10 - 00000000 ____D () C:\Users\Pamela\AppData\Local\calibre-cache
2014-08-19 12:44 - 2014-08-19 13:34 - 00000000 ____D () C:\Users\Pamela\Documents\Calibre Library
2014-08-19 12:44 - 2014-08-19 13:28 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\calibre
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-08-19 12:42 - 2014-08-19 12:43 - 56419840 _____ () C:\Users\Pamela\Downloads\calibre-1.48.0.msi
2014-08-19 12:40 - 2014-08-19 13:11 - 00000000 ____D () C:\Users\Pamela\Documents\My Kindle Content
2014-08-19 12:40 - 2014-08-19 12:40 - 38157960 _____ (Amazon.com) C:\Users\Pamela\Downloads\KindleForPC-installer.exe
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Amazon
2014-08-18 19:01 - 2014-08-29 12:06 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job
2014-08-18 19:01 - 2014-08-28 19:06 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job
2014-08-18 19:01 - 2014-08-18 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA
2014-08-18 19:01 - 2014-08-18 19:01 - 00003496 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core
2014-08-16 13:02 - 2014-08-16 13:02 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-16 12:59 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-16 12:00 - 2014-08-27 08:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 12:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 12:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-16 11:59 - 2014-08-16 11:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pamela\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-16 10:28 - 2014-08-18 18:23 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 10:28 - 2014-08-16 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 10:12 - 2014-08-16 10:12 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\ChromeSetup.exe
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Macromedia
2014-08-15 05:08 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 05:08 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 05:08 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 05:08 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 05:08 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 05:08 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 05:08 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 05:08 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 05:08 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 05:08 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 05:08 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 05:08 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 05:08 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 05:08 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 05:08 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 05:08 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 05:08 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 05:08 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 05:08 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 05:08 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 05:08 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 05:08 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 05:08 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 05:08 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 05:08 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 05:08 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 05:08 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 05:08 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 05:08 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 05:08 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 05:08 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 05:08 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 05:08 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 05:08 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 05:08 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 05:08 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 05:08 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 05:08 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-15 05:08 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 05:08 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-15 05:08 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-15 05:07 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:07 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:07 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-15 05:05 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-15 05:05 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-15 05:05 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-15 05:05 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-15 05:05 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-15 05:05 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-15 05:05 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-15 05:04 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 05:04 - 2014-08-06 18:39 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 05:04 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 05:04 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-15 05:04 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-15 05:04 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-15 05:04 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-15 05:04 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 05:04 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 05:04 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 05:04 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 05:04 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 05:04 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 05:04 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 05:04 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-15 05:04 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-15 05:04 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-15 05:04 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-15 05:04 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-15 05:04 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-15 05:04 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-15 05:04 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-15 05:04 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-15 05:04 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-15 05:04 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-15 05:04 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-15 05:04 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-15 05:04 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-15 05:04 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-15 05:04 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-15 05:04 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 05:04 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-15 05:04 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-15 05:04 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 05:04 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-15 05:04 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-15 05:04 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-15 05:04 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-15 05:04 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-15 05:04 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-15 05:04 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-15 05:04 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-15 05:04 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-15 05:04 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-15 05:04 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-15 05:04 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-15 05:04 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-15 05:04 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-15 05:04 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-15 05:04 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-15 05:04 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-15 05:04 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-15 05:04 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-15 05:04 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-15 05:04 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-15 05:04 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-15 05:04 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-15 05:04 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-15 05:04 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-15 05:04 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-15 05:04 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-15 05:04 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-15 05:04 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-15 05:04 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-15 05:04 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-15 05:04 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-15 05:04 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-15 05:04 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-13 18:26 - 2014-08-16 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
2014-08-13 18:26 - 2014-08-16 11:25 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-08-13 18:26 - 2014-08-13 18:26 - 05999792 _____ (Scooter Software ) C:\Users\Pamela\Downloads\BCompare-3.3.12.18414.exe
2014-08-13 18:26 - 2014-08-13 18:26 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Scooter Software
2014-08-13 15:42 - 2014-08-13 15:42 - 00218511 _____ () C:\Users\Pamela\Downloads\Tahoma.ttf
2014-08-13 15:38 - 2014-08-13 15:38 - 00035262 _____ () C:\Windows\Pamela.acl
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-07 15:36 - 2014-08-07 15:36 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 11:33 - 2014-08-07 11:33 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-strongly-typed
2014-08-07 11:27 - 2014-08-07 11:27 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-striped
2014-08-06 20:15 - 2014-08-06 20:15 - 00492367 _____ () C:\Users\Pamela\Downloads\html5up-striped.zip
2014-08-06 20:14 - 2014-08-06 20:14 - 00603815 _____ () C:\Users\Pamela\Downloads\html5up-strongly-typed.zip
2014-08-06 20:11 - 2014-08-06 20:11 - 00651375 _____ () C:\Users\Pamela\Downloads\zCumbeton.rar
2014-08-06 19:30 - 2014-08-06 19:30 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86.zip
2014-08-06 19:11 - 2014-08-06 19:11 - 00000000 ____D () C:\Users\Pamela\Downloads\moderna_bt
2014-08-06 17:22 - 2014-08-06 17:22 - 01616261 _____ () C:\Users\Pamela\Downloads\moderna_bt.zip
2014-08-05 14:26 - 2014-08-05 14:29 - 00000000 ____D () C:\Program Files\Nightly
2014-08-05 14:25 - 2014-08-05 14:25 - 39713178 _____ () C:\Users\Pamela\Downloads\firefox-34.0a1.en-US.win64-x86_64.installer.exe
2014-08-05 13:58 - 2014-08-05 14:13 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 13:54 - 2014-08-05 14:13 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Mozilla
2014-08-05 13:53 - 2014-08-05 13:53 - 32239888 _____ () C:\Users\Pamela\Downloads\Firefox Setup 31.0.exe
2014-08-05 13:35 - 2014-08-05 13:35 - 00244120 _____ () C:\Users\Pamela\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 14:53 - 2014-08-04 14:53 - 00000000 ____D () C:\Users\Pamela\Documents\creative-company
2014-08-04 14:51 - 2014-08-04 14:53 - 00580883 _____ () C:\Users\Pamela\Downloads\creative-company.zip
2014-08-04 14:29 - 2014-08-04 14:29 - 00000000 ____D () C:\Users\Pamela\Documents\captivate
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 14:23 - 2014-08-04 14:23 - 01376768 _____ () C:\Users\Pamela\Downloads\7z920-x64.msi
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Sun
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 15:20 - 2014-08-01 15:20 - 00918952 _____ (Oracle Corporation) C:\Users\Pamela\Downloads\chromeinstall-7u65.exe
2014-08-01 15:19 - 2014-08-01 15:19 - 00001784 _____ () C:\Users\Pamela\Downloads\Printer-Jumpstart.jnlp
2014-07-31 18:31 - 2014-07-31 18:31 - 00025667 _____ () C:\Users\Pamela\Downloads\NCS_Clients.xlsx
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\My Web Sites
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\IISExpress
2014-07-31 16:56 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-07-31 16:56 - 2014-08-11 18:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft Corporation
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-07-31 16:55 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb.exe
2014-07-31 16:45 - 2014-07-31 16:45 - 01017600 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\vns_full.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-07-31 16:15 - 2014-07-31 16:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-31 16:14 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-31 16:14 - 2014-07-31 16:14 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2014-07-31 16:14 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:14 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:14 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2014-07-31 16:14 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:14 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:13 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-07-31 16:13 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\.NET v2.0
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:13 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:13 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Local\Google
2014-07-31 16:13 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Local\Google
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:13 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:12 - 2014-08-16 11:27 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-07-31 16:12 - 2014-07-31 16:12 - 00974976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-31 16:12 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-31 16:12 - 2014-07-21 15:39 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-31 16:12 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Local\Google
2014-07-31 16:12 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-31 16:12 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-31 16:12 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-31 16:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-31 16:11 - 2014-07-31 16:14 - 00052174 _____ () C:\Windows\iis.log
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\inetpub
2014-07-30 18:59 - 2014-08-26 14:00 - 00000000 ____D () C:\Users\Pamela\AppData\Local\CrashDumps
2014-07-30 12:51 - 2014-07-30 13:27 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\TeamViewer
2014-07-30 12:50 - 2014-07-30 12:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-30 12:48 - 2014-07-30 12:49 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-29 12:20 - 2014-08-29 12:19 - 00021888 _____ () C:\Users\Pamela\Desktop\FRST.txt
2014-08-29 12:19 - 2014-08-29 12:19 - 00000000 ____D () C:\FRST
2014-08-29 12:18 - 2014-08-29 12:18 - 02103296 _____ (Farbar) C:\Users\Pamela\Desktop\FRST64.exe
2014-08-29 12:16 - 2014-07-20 18:28 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3114B720-DA75-4FC5-BE52-C11EC9F56BF1}
2014-08-29 12:06 - 2014-08-18 19:01 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job
2014-08-29 12:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-29 11:25 - 2014-07-20 18:27 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3009154357-2946078869-2494234241-1001
2014-08-29 11:23 - 2014-05-21 03:47 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-29 11:17 - 2014-05-21 03:08 - 01884078 _____ () C:\Windows\WindowsUpdate.log
2014-08-29 05:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-28 19:58 - 2014-07-21 10:33 - 00000035 _____ () C:\Windows\vbaddin.ini
2014-08-28 19:50 - 2014-08-28 19:50 - 00664868 _____ () C:\Users\Pamela\Downloads\zCumbeton_zerotheme.com.zip
2014-08-28 19:50 - 2014-08-28 19:50 - 00000000 ____D () C:\Users\Pamela\Downloads\zCumbeton_zerotheme.com
2014-08-28 19:06 - 2014-08-18 19:01 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job
2014-08-28 18:57 - 2014-07-23 17:57 - 00178284 _____ () C:\Users\Pamela\Documents\Database.kdb
2014-08-28 18:23 - 2014-05-21 03:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 18:09 - 2014-08-28 16:21 - 00000000 ____D () C:\Users\Pamela\Downloads\responsive-nav
2014-08-28 16:21 - 2014-08-28 16:21 - 00006729 _____ () C:\Users\Pamela\Downloads\responsive-nav.zip
2014-08-28 12:50 - 2014-08-28 12:50 - 00204568 _____ () C:\Users\Pamela\Downloads\bootstrap-3.2.0-dist.zip
2014-08-28 10:54 - 2014-08-28 10:53 - 00000000 ____D () C:\Users\Pamela\Desktop\Needed
2014-08-28 10:39 - 2014-08-28 10:39 - 00695920 _____ (RaMMicHaeL) C:\Users\Pamela\Downloads\unchecky_setup.exe
2014-08-28 10:39 - 2014-08-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-08-28 10:39 - 2014-08-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-08-28 10:38 - 2014-08-28 10:38 - 00001986 _____ () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-28 10:38 - 2014-08-28 10:38 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-28 10:37 - 2014-08-28 10:37 - 00264757 _____ () C:\Users\Pamela\Downloads\FHSetup.exe
2014-08-28 10:28 - 2014-08-28 10:28 - 04901352 _____ (Piriform Ltd) C:\Users\Pamela\Downloads\ccsetup417.exe
2014-08-28 10:28 - 2014-07-22 10:14 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 10:28 - 2014-07-22 10:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 10:26 - 2014-08-28 10:26 - 00001187 _____ () C:\DelFix.txt
2014-08-28 10:26 - 2014-08-26 10:38 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 20:04 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 09:58 - 2014-04-09 00:21 - 00949458 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 08:46 - 2014-08-27 08:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 08:34 - 2014-08-16 12:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 08:32 - 2014-07-20 18:24 - 00000000 ___DO () C:\Users\Pamela\OneDrive
2014-08-27 08:31 - 2014-04-09 00:06 - 00792076 _____ () C:\Windows\PFRO.log
2014-08-27 08:31 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 08:30 - 2014-05-21 03:37 - 00456064 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-27 08:30 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-26 18:40 - 2014-08-26 17:22 - 00000000 ____D () C:\Users\Pamela\Downloads\Backgrounds
2014-08-26 16:27 - 2014-08-26 16:27 - 01898640 _____ (Irfan Skiljan) C:\Users\Pamela\Downloads\iview438_setup (1).exe
2014-08-26 16:20 - 2014-08-26 16:20 - 01898640 _____ (Irfan Skiljan) C:\Users\Pamela\Downloads\iview438_setup.exe
2014-08-26 14:00 - 2014-07-30 18:59 - 00000000 ____D () C:\Users\Pamela\AppData\Local\CrashDumps
2014-08-26 13:56 - 2014-08-26 13:56 - 00000000 ____D () C:\Users\Pamela\Downloads\zCumbeton
2014-08-26 10:52 - 2013-08-22 10:44 - 00479904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 10:36 - 2014-08-19 12:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-26 10:34 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 19:51 - 2014-08-24 14:48 - 00000000 ____D () C:\Users\Pamela\Documents\2013_Taxes
2014-08-25 12:58 - 2014-07-21 15:59 - 00000000 ____D () C:\Users\Pamela\Documents\2012_Taxes
2014-08-25 11:33 - 2014-07-21 16:01 - 00000000 ____D () C:\Users\Pamela\Documents\Invoices_Spreadsheets
2014-08-21 17:41 - 2014-08-21 17:41 - 00000000 ____D () C:\Program Files\runphp
2014-08-21 17:41 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-08-21 17:40 - 2014-08-21 17:40 - 00000000 ____D () C:\Users\Pamela\Downloads\runphp
2014-08-21 17:38 - 2014-08-21 17:37 - 00000000 ____D () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86 (1)
2014-08-21 17:37 - 2014-08-21 17:37 - 00000621 _____ () C:\Users\Pamela\Downloads\runphp.zip
2014-08-21 16:13 - 2014-08-21 16:13 - 00000000 ____D () C:\Users\Pamela\Downloads\creative-company
2014-08-21 16:05 - 2014-08-21 16:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pamela\Downloads\SpyHunter-Installer.exe
2014-08-20 17:25 - 2014-07-20 18:25 - 00002173 _____ () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-20 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2014-08-19 13:34 - 2014-08-19 12:44 - 00000000 ____D () C:\Users\Pamela\Documents\Calibre Library
2014-08-19 13:33 - 2014-08-19 13:33 - 00252565 _____ () C:\Users\Pamela\Downloads\iOS reader applications.zip
2014-08-19 13:28 - 2014-08-19 12:44 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\calibre
2014-08-19 13:23 - 2014-08-19 13:23 - 00000000 ____D () C:\Users\Pamela\Downloads\tools_v6.0.9
2014-08-19 13:22 - 2014-08-19 13:22 - 01816358 _____ () C:\Users\Pamela\Downloads\tools_v6.0.9.zip
2014-08-19 13:11 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\Documents\My Kindle Content
2014-08-19 13:10 - 2014-08-19 12:45 - 00000000 ____D () C:\Users\Pamela\AppData\Local\calibre-cache
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin
2014-08-19 13:05 - 2014-08-19 13:05 - 00049357 _____ () C:\Users\Pamela\Downloads\K4MobiDeDRM_v03.5_plugin.zip
2014-08-19 13:02 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\625c78502d08bdca
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Guest
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-19 12:56 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Administrator
2014-08-19 12:56 - 2014-07-20 18:25 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Google
2014-08-19 12:56 - 2014-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-19 12:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-08-19 12:44 - 2014-08-19 12:44 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-08-19 12:43 - 2014-08-19 12:42 - 56419840 _____ () C:\Users\Pamela\Downloads\calibre-1.48.0.msi
2014-08-19 12:40 - 2014-08-19 12:40 - 38157960 _____ (Amazon.com) C:\Users\Pamela\Downloads\KindleForPC-installer.exe
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-19 12:40 - 2014-08-19 12:40 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Amazon
2014-08-18 19:01 - 2014-08-18 19:01 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA
2014-08-18 19:01 - 2014-08-18 19:01 - 00003496 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core
2014-08-18 19:01 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Mozilla
2014-08-18 18:23 - 2014-08-16 10:28 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 17:24 - 2014-07-21 14:50 - 00000000 ___RD () C:\Users\Pamela\Google Drive
2014-08-18 17:24 - 2014-05-21 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-16 13:02 - 2014-08-16 13:02 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-16 13:02 - 2014-08-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-16 13:00 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-16 12:55 - 2014-05-21 03:51 - 00000000 ____D () C:\ProgramData\Norton
2014-08-16 12:54 - 2014-05-21 03:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-16 12:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 12:00 - 2014-08-16 12:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 11:59 - 2014-08-16 11:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pamela\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-16 11:29 - 2014-07-20 18:20 - 00000000 ____D () C:\Users\Pamela
2014-08-16 11:27 - 2014-07-31 16:14 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-16 11:27 - 2014-07-31 16:13 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-08-16 11:27 - 2014-07-31 16:13 - 00000000 ____D () C:\Users\.NET v2.0
2014-08-16 11:27 - 2014-07-31 16:12 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-16 11:27 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2014-08-16 11:26 - 2014-05-21 03:51 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SystemResources
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Shared
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-16 11:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-16 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-16 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2014-08-16 11:25 - 2014-08-16 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 11:25 - 2014-08-13 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
2014-08-16 11:25 - 2014-08-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-08-16 11:25 - 2014-07-23 18:04 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\KeePass
2014-08-16 11:25 - 2014-07-20 19:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 11:25 - 2014-07-20 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-16 11:25 - 2014-07-20 18:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 97
2014-08-16 11:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Globalization
2014-08-16 11:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-16 11:15 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2014-08-16 11:08 - 2014-07-20 18:21 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Adobe
2014-08-16 10:12 - 2014-08-16 10:12 - 00895120 _____ (Google Inc.) C:\Users\Pamela\Downloads\ChromeSetup.exe
2014-08-15 15:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-15 15:15 - 2014-08-15 15:15 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Macromedia
2014-08-15 14:06 - 2014-07-21 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 14:03 - 2014-07-21 15:34 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 05:04 - 2014-04-09 00:19 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-15 05:02 - 2014-07-21 14:48 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-15 05:01 - 2014-04-09 00:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 05:01 - 2014-04-09 00:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 05:01 - 2014-04-09 00:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 05:01 - 2013-08-22 07:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 05:01 - 2013-08-22 07:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 05:01 - 2013-08-22 07:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 05:01 - 2013-08-22 07:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 05:01 - 2013-08-22 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 05:01 - 2013-08-22 07:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 05:01 - 2013-08-22 06:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 05:01 - 2013-08-22 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 05:01 - 2013-08-21 23:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 05:01 - 2013-08-21 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 05:01 - 2013-08-21 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 05:01 - 2013-08-21 23:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 05:01 - 2013-08-21 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 18:26 - 2014-08-13 18:26 - 05999792 _____ (Scooter Software ) C:\Users\Pamela\Downloads\BCompare-3.3.12.18414.exe
2014-08-13 18:26 - 2014-08-13 18:26 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Scooter Software
2014-08-13 15:42 - 2014-08-13 15:42 - 00218511 _____ () C:\Users\Pamela\Downloads\Tahoma.ttf
2014-08-13 15:38 - 2014-08-13 15:38 - 00035262 _____ () C:\Windows\Pamela.acl
2014-08-13 09:15 - 2014-07-21 14:03 - 00000000 ____D () C:\Program Files (x86)\HealthCalls
2014-08-12 14:40 - 2013-08-22 09:25 - 00000188 _____ () C:\Windows\win.ini
2014-08-11 18:28 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft WebMatrix
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-11 11:49 - 2014-08-11 11:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-07 15:36 - 2014-08-07 15:36 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-07 11:33 - 2014-08-07 11:33 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-strongly-typed
2014-08-07 11:27 - 2014-08-07 11:27 - 00000000 ____D () C:\Users\Pamela\Downloads\html5up-striped
2014-08-06 22:12 - 2014-08-15 05:04 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-06 20:15 - 2014-08-06 20:15 - 00492367 _____ () C:\Users\Pamela\Downloads\html5up-striped.zip
2014-08-06 20:14 - 2014-08-06 20:14 - 00603815 _____ () C:\Users\Pamela\Downloads\html5up-strongly-typed.zip
2014-08-06 20:11 - 2014-08-06 20:11 - 00651375 _____ () C:\Users\Pamela\Downloads\zCumbeton.rar
2014-08-06 19:30 - 2014-08-06 19:30 - 17025700 _____ () C:\Users\Pamela\Downloads\php-5.3.28-nts-Win32-VC9-x86.zip
2014-08-06 19:11 - 2014-08-06 19:11 - 00000000 ____D () C:\Users\Pamela\Downloads\moderna_bt
2014-08-06 18:39 - 2014-08-15 05:04 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-06 17:22 - 2014-08-06 17:22 - 01616261 _____ () C:\Users\Pamela\Downloads\moderna_bt.zip
2014-08-05 14:29 - 2014-08-05 14:26 - 00000000 ____D () C:\Program Files\Nightly
2014-08-05 14:29 - 2014-07-20 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 14:25 - 2014-08-05 14:25 - 39713178 _____ () C:\Users\Pamela\Downloads\firefox-34.0a1.en-US.win64-x86_64.installer.exe
2014-08-05 14:14 - 2014-08-05 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 14:13 - 2014-08-05 13:58 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 14:13 - 2014-08-05 13:54 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 ____D () C:\Users\Pamela\AppData\Local\Mozilla
2014-08-05 13:53 - 2014-08-05 13:53 - 32239888 _____ () C:\Users\Pamela\Downloads\Firefox Setup 31.0.exe
2014-08-05 13:35 - 2014-08-05 13:35 - 00244120 _____ () C:\Users\Pamela\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 14:53 - 2014-08-04 14:53 - 00000000 ____D () C:\Users\Pamela\Documents\creative-company
2014-08-04 14:53 - 2014-08-04 14:51 - 00580883 _____ () C:\Users\Pamela\Downloads\creative-company.zip
2014-08-04 14:29 - 2014-08-04 14:29 - 00000000 ____D () C:\Users\Pamela\Documents\captivate
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-04 14:24 - 2014-08-04 14:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 14:23 - 2014-08-04 14:23 - 01376768 _____ () C:\Users\Pamela\Downloads\7z920-x64.msi
2014-08-04 13:15 - 2014-07-21 16:00 - 00000000 ____D () C:\Users\Pamela\Documents\AutoReports
2014-08-01 23:56 - 2014-08-15 05:04 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-01 23:11 - 2014-08-15 05:04 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-01 20:17 - 2014-07-21 15:42 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:17 - 2014-07-21 15:42 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 15:22 - 2014-08-01 15:22 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 15:21 - 2014-08-01 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Sun
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 15:21 - 2014-08-01 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 15:20 - 2014-08-01 15:20 - 00918952 _____ (Oracle Corporation) C:\Users\Pamela\Downloads\chromeinstall-7u65.exe
2014-08-01 15:19 - 2014-08-01 15:19 - 00001784 _____ () C:\Users\Pamela\Downloads\Printer-Jumpstart.jnlp
2014-07-31 18:31 - 2014-07-31 18:31 - 00025667 _____ () C:\Users\Pamela\Downloads\NCS_Clients.xlsx
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\My Web Sites
2014-07-31 16:57 - 2014-07-31 16:57 - 00000000 ____D () C:\Users\Pamela\Documents\IISExpress
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\Microsoft Corporation
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS Express
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files\IIS
2014-07-31 16:56 - 2014-07-31 16:56 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-07-31 16:56 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-31 16:55 - 2014-07-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-31 16:53 - 2014-07-31 16:53 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\WebMatrixWeb.exe
2014-07-31 16:45 - 2014-07-31 16:45 - 01017600 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\vns_full.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00116384 _____ (Microsoft Corporation) C:\Users\Pamela\Downloads\VWD2010SP1AzurePack.exe
2014-07-31 16:33 - 2014-07-31 16:33 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-07-31 16:21 - 2013-08-22 10:46 - 00016885 _____ () C:\Windows\setupact.log
2014-07-31 16:15 - 2014-07-31 16:15 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-31 16:14 - 2014-07-31 16:14 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini
2014-07-31 16:14 - 2014-07-31 16:11 - 00052174 _____ () C:\Windows\iis.log
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-07-31 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-07-31 16:13 - 2014-07-31 16:13 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini
2014-07-31 16:12 - 2014-07-31 16:12 - 00974976 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-31 16:11 - 2014-07-31 16:11 - 00000000 ____D () C:\inetpub
2014-07-31 16:10 - 2014-04-09 00:28 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-07-31 16:10 - 2014-04-09 00:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2014-07-31 16:10 - 2014-04-09 00:28 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2014-07-31 16:10 - 2014-04-09 00:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2014-07-31 16:10 - 2013-08-22 07:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\aspperf.dll
2014-07-31 16:10 - 2013-08-21 23:59 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspperf.dll
2014-07-30 13:27 - 2014-07-30 12:51 - 00000000 ____D () C:\Users\Pamela\AppData\Roaming\TeamViewer
2014-07-30 12:50 - 2014-07-30 12:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-30 12:49 - 2014-07-30 12:48 - 06226040 _____ (TeamViewer GmbH) C:\Users\Pamela\Downloads\TeamViewer_Setup_en.exe
 
Some content of TEMP:
====================
C:\Users\Pamela\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 02:34
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Pamela at 2014-08-29 12:20:23
Running from C:\Users\Pamela\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Beyond Compare 3.3.12 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.12.18414 - Scooter Software)
calibre (HKLM-x32\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3920.05 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HlthCalls (HKLM-x32\...\ST6UNST #1) (Version:  - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KeePass Password Safe 1.27 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft WebMatrix 3 (HKLM-x32\...\{4C1CB8FA-89A5-476A-89B6-C69BDC668A9F}) (Version: 2.0.1932 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0a1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA Password Utility (Version: 6.0.3.0 - Toshiba Corporation) Hidden
Toshiba Quality Application (x32 Version: 1.0.9.4B2 - TOSHIBA) Hidden
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unchecky v0.2.15 (HKLM-x32\...\Unchecky) (Version: 0.2.15 - RaMMicHaeL)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-08-2014 14:26:47 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2014-08-28 10:39 - 00001138 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
0.0.0.0 cdn.bisrv.com
 
There are 3 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {057F2963-654E-4DF3-90E0-8EA202E79118} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-15] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CEC0127-DC5D-48FE-8613-E5CC606B641E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {17BADB45-EE00-484C-967F-CCEAC3E74C97} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21BAC06B-7F59-4169-B8D7-0E8B6069B1F4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2288088E-90B7-4C4F-AACA-E07FEB1EB2A0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C8A8ED-2628-4896-AE68-95AE78713CCE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {38005E53-10A8-47F3-85E8-13411D869249} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3840739C-82D3-46A9-BD4D-2AC0545DB8AC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {38A5169A-5575-403D-84E2-C023DBDF78BB} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {39214707-E975-45A6-8A84-1908A3BDCB3A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3FE58958-7CCE-42F8-9771-E7FA79650779} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {43335F32-97CC-4C4E-958B-4FAF6EA163CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6118C4B9-C109-4B92-AAD4-7BEF0662215B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {63DD5B30-7081-46EC-98C1-1B6D82DE4DAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {85E7EE51-F3ED-48BC-937A-66C0D4AD14B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E651716-E211-4AFF-BB5E-6DF5456D51C7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe
Task: {9995C110-ED39-4871-AEC4-710F66CB9EFC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A093E72A-42BB-407D-B48A-055373D3C46B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {AD2DFB9B-6A2D-411D-AB65-8A9E4167F0F5} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {BB62FECE-8907-4E1E-A05C-29E2D4AD5462} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C53406FA-6B12-4F07-984E-6D263FDDF029} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E4547329-E45F-4AE2-A0AB-E6E1890EB524} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB82D48B-5948-4DB4-8E47-0C165D44F68B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001Core.job => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3009154357-2946078869-2494234241-1001UA.job => C:\Users\Pamela\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 17:09 - 2014-03-21 17:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office 97\Office\OSA.EXE
1997-07-11 00:00 - 1997-07-11 00:00 - 03782416 _____ () C:\Program Files (x86)\Microsoft Office 97\Office\MSO97.DLL
2014-05-21 03:10 - 2014-03-06 16:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 01766400 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\9aa7982f3aa85937f43bcce33b977b26\Arkadium.DailyChallengeModule.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00929792 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi3ea2618e#\8dc4d41112fff09eba5031385bbe363a\Arkadium.Win8.PuzzleMode.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 01130496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00960000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00122880 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\d37ff81949f545d76ed5cf78c0d9e8fb\Arkadium.ApplicationFramework.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00661504 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\505bfa5725b1ca3bf6c8d999c846bbbb\Arkadium.Advertisement.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00295936 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\776742737429410874ef4a0a5c0a63b8\Arkadium.WindowsStoreModule.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00169984 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\60685fa5be657b3f5fe82a187d72f776\Arkadium.AchievementsModule.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00274432 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\74fc178c510995e575727da813c3ead2\Arkadium.AwardsModule.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00322560 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\d6d117ac0a04524d78606bc4f07336be\Arkadium.LeaderboardModule.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00122880 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\4fb1946fed71afa8fc8ec63ab0c9ef73\Arkadium.Xaml.Toolkit.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00283136 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\dc5a90556b895cb6b3d33cce8eae408b\Arkadium.CdnModule.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00483840 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00770560 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00227328 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00808448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00402432 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00238080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00797696 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00133120 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00304128 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00041984 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 00337920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
2014-07-29 04:26 - 2014-07-29 04:26 - 00012800 _____ () C:\Users\Pamela\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\9ef21ae2ff95f96dcc5d7181d3ef82d5\Arkadium.SharpDXEngine.AudioLoader.ni.dll
2014-07-28 19:32 - 2014-07-28 19:32 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.3.1407.252_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll
2014-07-29 04:25 - 2014-07-29 04:25 - 01282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2014-07-20 18:42 - 2014-06-10 04:50 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-07-20 18:42 - 2014-06-10 04:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-07-20 18:42 - 2014-06-10 04:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 10:28 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Pamela\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2014 09:32:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (08/27/2014 08:46:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (08/27/2014 08:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KNFB.Blio.exe version 2.0.0.3611 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1610
 
Start Time: 01cfc1f3d23e20e3
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t\KNFB.Blio.exe
 
Report Id: 1a5f9df0-2de7-11e4-827c-c454446a59a1
 
Faulting package full name: K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t
 
Faulting package-relative application ID: App
 
Error: (08/27/2014 08:38:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TOSHIBA)
Description: App K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t+App did not launch within its allotted time.
 
Error: (08/26/2014 01:59:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17090, time stamp: 0x53413518
Exception code: 0xc0000005
Fault offset: 0x000000000012c274
Faulting process id: 0x5c4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (08/26/2014 11:19:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmamain.exe version 1.4.0.24 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a94
 
Start Time: 01cfc141136767b8
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.4.0.24_x86__v68kp9n051hdp\mmamain.exe
 
Report Id: 5ac857a2-2d34-11e4-827b-c454446a59a1
 
Faulting package full name: SymantecCorporation.NortonStudio_1.4.0.24_x86__v68kp9n051hdp
 
Faulting package-relative application ID: App
 
Error: (08/26/2014 11:19:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TOSHIBA)
Description: App SymantecCorporation.NortonStudio_1.4.0.24_x86__v68kp9n051hdp+App did not launch within its allotted time.
 
 
System errors:
=============
Error: (08/26/2014 10:46:37 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (08/26/2014 10:46:07 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (08/26/2014 10:45:37 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (08/27/2014 09:32:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (08/27/2014 08:46:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pamela\AppData\Local\Temp\ICD1.tmp\ESETSmartInstaller.exe
 
Error: (08/27/2014 08:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: KNFB.Blio.exe2.0.0.3611161001cfc1f3d23e20e34294967295C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t\KNFB.Blio.exe1a5f9df0-2de7-11e4-827c-c454446a59a1K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8tApp
 
Error: (08/27/2014 08:38:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TOSHIBA)
Description: K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t+App
 
Error: (08/26/2014 01:59:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1703953156588SHELL32.dll6.3.9600.1709053413518c0000005000000000012c2745c401cfc13d64163d39C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllc7ee9722-2d4a-11e4-827b-c454446a59a1
 
Error: (08/26/2014 11:19:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mmamain.exe1.4.0.24a9401cfc141136767b84294967295C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.4.0.24_x86__v68kp9n051hdp\mmamain.exe5ac857a2-2d34-11e4-827b-c454446a59a1SymantecCorporation.NortonStudio_1.4.0.24_x86__v68kp9n051hdpApp
 
Error: (08/26/2014 11:19:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TOSHIBA)
Description: SymantecCorporation.NortonStudio_1.4.0.24_x86__v68kp9n051hdp+App
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-26 12:24:25.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-22 03:14:46.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-21 03:50:16.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-16 13:24:07.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 31%
Total physical RAM: 8112.14 MB
Available physical RAM: 5554.91 MB
Total Pagefile: 9392.14 MB
Available Pagefile: 6697.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (TI10692200C) (Fixed) (Total:921.26 GB) (Free:882.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Here's the requested items. I sure hope I did not inadvertently do something to screw this up. Believe me when I say, if it was me, it was definitely unintentional. I've tried to do as requested in all cases.
 
As always your help is much appreciated. 
Pam


#14 pystryker

Posted 29 August 2014 - 04:04 PM

Here's the requested items. I sure hope I did not inadvertently do something to screw this up. Believe me when I say, if it was me, it was definitely unintentional. I've tried to do as requested in all

You've made no mistakes and have been very easy to work with and instruct. :thumbsup2: I don't see anything in the Chrome settings that would have the Adchoices popup continuing to persist. It looks as though we may have to reset Chrome to its original default setting and see if that will remove it.

However, before we do that, let's manually check a couple things in Chrome.


Step 1: Check Chrome Extensions

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please look them over and see if you see any with the name Ad Choices. If you do, press the trash can icon at the end of the line to delete it.

Step 2: Check Chrome Settings

Type this into your Chrome address bar: Chrome://settings and choose 'Manage search engines'.

Change search engine to Google and delete AdChoices, Search Results and similar entries from the list if they exist.

Go to the section On start and make sure you get a blank page while creating a new tab.


Please let me know if you find anything related to AdChoices in either of those areas.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.


#15 pystryker

Posted 02 September 2014 - 05:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
