Hijackthis Log: Please help diagnose


  • This topic is locked
28 replies to this topic

#1 ginnyoneal


Posted 31 October 2014 - 02:10 AM

It has been a long time since I have used Hijackthis. I just don't remember how to read the logs like I used to. I have already removed what I saw as missing files. I had a virus a few days ago, Dropper Generic - AVG took care of it. I tried other antivirus programs for my mother (she is new to the internet, and I needed something "dummiefied" for her).

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:01:34 AM, on 10/31/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17116)

FIREFOX: 33.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Users\Owner\Downloads\HijackThis(1).exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1014avt] C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe /PROMPT /mid=237deb57522347d29d1ed1c5bcadd78e-78f03de7de6105bd691e2e5296e1deb216272f4d /CMPID=1014avt
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Accelerator Service (THAccelSvc) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\Toshiba\Teco\TecoService.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9852 bytes
 





#2 Jo*

  • Malware Response Team

Posted 01 November 2014 - 07:28 AM

Hello ginnyoneal,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 ginnyoneal


Posted 02 November 2014 - 01:52 PM

Thank you..

Security Check Scan:

Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security 2015
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player     15.0.0.152
Mozilla Firefox (33.0)
Mozilla Thunderbird (31.2.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

 

Farbar First Scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Owner (administrator) on GINNY on 02-11-2014 10:32:57
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [AVG-Secure-Search-Update_1014avt] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2774040 2014-09-23] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_23_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0DzyyCtBzztBtCyEtBtC0B0A0B0CtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0BtA0Czz0C0C0AtGyD0EtA0EtGyByCtDzztGtB0BtAtAtGtD0D0FtC0DyB0EzztDtD0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEtCtCyByC0AtAtG0DyDyEyCtGzzyD0E0CtG0Bzy0DyBtGtAyBzy0AtCtB0BtCyD0AyC0B2Q&cr=544123871&ir=
SearchScopes: HKLM - {A509A8E8-BF15-4C2B-8F72-0099C8FCFBCA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_23_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0DzyyCtBzztBtCyEtBtC0B0A0B0CtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0BtA0Czz0C0C0AtGyD0EtA0EtGyByCtDzztGtB0BtAtAtGtD0D0FtC0DyB0EzztDtD0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEtCtCyByC0AtAtG0DyDyEyCtGzzyD0E0CtG0Bzy0DyBtGtAyBzy0AtCtB0BtCyD0AyC0B2Q&cr=544123871&ir=
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://xfinity.comcast.net/
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinitylcsearch.xml
FF Extension: ColorfulTabs - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-27]
FF Extension: XFINITY Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2014-06-08]
FF Extension: Facebook Ads Block - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-20]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-25] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [45056 2012-07-25] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-25] (Microsoft Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:32 - 2014-11-02 10:33 - 00018841 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-11-02 10:32 - 2014-11-02 10:33 - 00000000 ____D () C:\FRST
2014-11-01 16:21 - 2014-11-01 16:21 - 00854448 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-11-01 16:19 - 2014-11-01 16:20 - 02114048 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-31 18:50 - 2014-11-01 19:35 - 00063734 _____ () C:\windows\WindowsUpdate.log
2014-10-31 03:22 - 2014-10-31 03:22 - 00178079 _____ () C:\Users\Owner\Downloads\orderstorm-wordpress-e-commerce.0.6.2.1-2013.06.12.zip
2014-10-31 01:41 - 2014-10-31 01:41 - 00176766 _____ () C:\Users\Owner\Downloads\woothemes-updater.zip
2014-10-31 01:40 - 2014-10-31 01:40 - 00835777 _____ () C:\Users\Owner\Downloads\mystile.zip
2014-10-31 00:16 - 2014-10-31 00:16 - 00000000 ____D () C:\Program Files\AutoRun
2014-10-31 00:09 - 2014-10-31 00:09 - 00511633 _____ () C:\Users\Owner\Downloads\Autoruns.zip
2014-10-30 22:29 - 2014-10-30 22:33 - 00000000 ____D () C:\Users\Owner\Downloads\backups
2014-10-30 22:27 - 2014-10-30 23:01 - 00009853 _____ () C:\Users\Owner\Downloads\hijackthis.log
2014-10-30 22:26 - 2014-10-30 22:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis(1).exe
2014-10-29 13:34 - 2014-10-30 18:55 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-10-28 15:00 - 2014-10-21 19:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-10-28 15:00 - 2014-10-21 19:33 - 00581016 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-10-28 15:00 - 2014-10-21 19:33 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-10-28 15:00 - 2014-10-21 17:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-10-28 15:00 - 2014-10-21 17:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:00 - 2014-10-21 17:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-10-28 13:50 - 2014-10-28 13:54 - 00000000 ____D () C:\Users\Owner\New PLR
2014-10-28 06:48 - 2014-10-28 13:57 - 00000000 ____D () C:\Users\Owner\PLR Zipped
2014-10-28 05:03 - 2014-10-28 06:49 - 00000000 ____D () C:\Users\Owner\Software Opened
2014-10-28 05:03 - 2014-10-28 05:03 - 00000000 ____D () C:\Users\Owner\eBooks Opened
2014-10-28 04:51 - 2014-10-31 06:44 - 00000000 ____D () C:\Users\Owner\Ready to Send
2014-10-28 03:02 - 2014-10-28 03:04 - 00000000 ____D () C:\Users\Owner\My WooCommerce
2014-10-28 01:52 - 2014-10-28 01:52 - 00010752 ___SH () C:\Users\Owner\Thumbs.db
2014-10-28 00:32 - 2014-11-02 10:18 - 00000544 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014avt.job
2014-10-28 00:32 - 2014-11-02 10:18 - 00000412 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014avt_DELETE.job
2014-10-28 00:32 - 2014-10-31 00:56 - 00002820 _____ () C:\windows\System32\Tasks\AVG_SYS_TASK_1014avt
2014-10-28 00:32 - 2014-10-28 00:32 - 00002894 _____ () C:\windows\System32\Tasks\AVG_SYS_TASK_1014avt_DELETE
2014-10-28 00:32 - 2014-10-28 00:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt
2014-10-27 23:39 - 2014-10-27 23:40 - 00012800 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2014-10-27 21:04 - 2014-10-31 05:30 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Free
2014-10-27 21:04 - 2014-10-28 15:17 - 00000000 ____D () C:\Users\Owner\My Business Software
2014-10-27 21:03 - 2014-10-28 13:46 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Sell
2014-10-27 20:58 - 2014-10-28 14:47 - 00000000 ____D () C:\Users\Owner\My WordPress_Plug-ins
2014-10-27 20:52 - 2014-10-31 05:30 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Needs Editing
2014-10-27 20:52 - 2014-10-28 12:58 - 00000000 ____D () C:\Users\Owner\My WordPress Themes
2014-10-27 17:51 - 2014-10-27 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OpenOffice
2014-10-27 17:50 - 2014-10-27 17:50 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-27 17:50 - 2014-10-27 17:50 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-27 17:49 - 2014-10-27 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-27 17:48 - 2014-10-27 17:48 - 00000000 ____D () C:\Program Files\OpenOffice
2014-10-27 17:41 - 2014-10-27 17:45 - 140852175 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-10-27 16:56 - 2014-10-27 16:56 - 00000000 ____D () C:\Users\Owner\StartupPro2.5.1Package
2014-10-27 00:04 - 2014-10-28 00:32 - 00000000 ____D () C:\ProgramData\Avg_Update_1014avt
2014-10-26 23:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG
2014-10-26 23:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg
2014-10-26 23:36 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\AVG
2014-10-26 23:34 - 2014-10-26 23:35 - 87520056 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_tuh_stf_all_2015_105_24c4.exe
2014-10-26 22:45 - 2014-10-26 23:10 - 00022863 _____ () C:\windows\diagwrn.xml
2014-10-26 22:45 - 2014-10-26 23:10 - 00022863 _____ () C:\windows\diagerr.xml
2014-10-26 22:19 - 2014-10-26 22:19 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-10-26 22:19 - 2014-10-26 22:19 - 00000000 ____D () C:\windows\system32\vbox
2014-10-26 20:37 - 2014-10-26 20:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-26 20:34 - 2014-10-26 20:34 - 05004328 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-10-26 15:51 - 2014-10-26 15:51 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-26 15:08 - 2014-10-26 15:08 - 19953976 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-10-25 06:01 - 2014-10-09 20:47 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-25 06:01 - 2014-10-09 20:47 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-25 06:01 - 2014-10-07 20:26 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-25 06:01 - 2014-06-30 14:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-10-25 06:01 - 2014-06-30 14:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-10-25 00:40 - 2014-10-25 00:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-10-25 00:39 - 2014-10-25 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-25 00:39 - 2014-10-25 00:39 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-25 00:39 - 2014-10-25 00:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-10-25 00:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-25 00:38 - 2014-10-25 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-25 00:38 - 2014-10-25 00:38 - 00000000 ___HD () C:\$AVG
2014-10-25 00:34 - 2014-10-25 00:34 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-25 00:28 - 2014-11-02 10:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-25 00:28 - 2014-10-25 00:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-10-25 00:28 - 2014-10-25 00:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-10-24 20:48 - 2014-11-02 10:32 - 00000000 ____D () C:\Users\Owner\Ginny's Personal Use
2014-10-24 20:38 - 2014-10-31 04:41 - 00000000 ____D () C:\Users\Owner\My Busin..NotToShare
2014-10-24 20:36 - 2014-10-28 06:32 - 00000000 ____D () C:\Users\Owner\My Busin.. Mine
2014-10-24 13:50 - 2014-10-28 13:56 - 00000000 ____D () C:\Users\Owner\Downloads\Personal
2014-10-24 13:19 - 2014-10-28 14:41 - 00000000 ____D () C:\Users\Owner\EZEBOOKS
2014-10-23 14:56 - 2014-10-23 14:56 - 00000000 ___RD () C:\Users\Owner\Creative Cloud Files
2014-10-23 14:54 - 2014-10-23 14:54 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-10-23 14:54 - 2014-10-23 14:54 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-10-23 14:53 - 2014-10-23 14:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-23 14:49 - 2014-10-23 14:49 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\Owner\Downloads\CreativeCloudSet-Up.exe
2014-10-23 01:02 - 2014-10-23 08:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 01:02 - 2014-10-23 08:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\SysWOW64\BestPractices
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\system32\msmq
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\system32\BestPractices
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\inetpub
2014-10-22 12:43 - 2014-10-22 12:44 - 00000000 ____D () C:\Program Files\StartupWP
2014-10-21 04:05 - 2014-10-21 04:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\eBookPro6
2014-10-21 01:12 - 2014-10-29 12:59 - 00000000 ____D () C:\Users\Owner\My Busin..Graphics
2014-10-20 20:20 - 2014-10-20 20:23 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-20 20:19 - 2014-10-23 15:11 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002111 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00001997 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-10-20 19:44 - 2014-10-20 19:44 - 04579176 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-19 16:24 - 2014-10-21 05:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Software Informer
2014-10-18 11:09 - 2014-10-18 11:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe_Systems_Incorporate
2014-10-18 10:54 - 2014-10-20 15:42 - 00000000 ____D () C:\Program Files (x86)\PDF Reader 3
2014-10-18 10:54 - 2014-10-18 10:54 - 00075776 _____ () C:\windows\cadkasdeinst01e.exe
2014-10-18 05:13 - 2014-10-21 04:24 - 00422728 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 13:19 - 2014-10-16 13:19 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00002057 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Thunderbird
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Thunderbird
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-16 12:09 - 2014-09-29 14:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 12:09 - 2014-09-29 14:49 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 14:56 - 2014-07-11 20:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 14:56 - 2014-07-11 20:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 14:56 - 2014-07-11 16:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 14:56 - 2014-07-11 16:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-10-15 14:56 - 2014-07-08 14:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-10-15 14:56 - 2014-07-08 14:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-10-15 14:56 - 2014-07-08 14:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-10-15 14:56 - 2014-07-08 14:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-10-15 14:56 - 2014-07-06 21:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-10-15 14:56 - 2014-07-06 21:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-10-15 14:56 - 2014-07-04 02:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-10-15 14:56 - 2014-07-02 17:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 14:56 - 2014-07-02 16:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 14:56 - 2014-06-27 23:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-10-15 14:56 - 2014-06-27 22:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-15 14:56 - 2014-06-27 22:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-10-15 14:56 - 2014-06-24 23:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 14:56 - 2014-06-24 23:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 14:56 - 2014-06-17 15:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-15 14:56 - 2014-06-17 15:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-15 14:56 - 2014-06-11 06:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-15 14:56 - 2014-06-10 20:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-15 14:56 - 2014-06-10 14:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 14:56 - 2014-05-29 15:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 14:56 - 2014-05-29 15:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 14:56 - 2014-02-04 02:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 14:55 - 2014-09-12 21:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 14:55 - 2014-09-12 20:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 14:54 - 2014-09-27 20:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 14:54 - 2014-07-06 21:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 14:54 - 2014-07-06 21:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 14:54 - 2014-07-06 21:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 14:54 - 2014-07-06 21:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 14:54 - 2014-07-06 21:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 14:54 - 2014-07-06 20:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 14:54 - 2014-07-06 20:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 14:54 - 2014-07-06 20:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 14:54 - 2014-07-06 19:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 14:52 - 2014-09-19 21:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 14:52 - 2014-09-19 21:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 14:51 - 2014-09-19 21:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 14:51 - 2014-09-19 21:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-10-15 14:51 - 2014-09-19 21:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 14:51 - 2014-09-19 21:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 14:51 - 2014-09-19 21:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 14:51 - 2014-09-19 21:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 14:51 - 2014-09-19 19:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 14:51 - 2014-09-19 19:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 14:51 - 2014-09-19 19:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 14:51 - 2014-09-19 19:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 14:51 - 2014-09-19 19:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 14:51 - 2014-09-19 17:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-10-15 14:51 - 2014-09-02 18:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 14:51 - 2014-09-02 18:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 14:51 - 2014-08-01 14:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 14:51 - 2014-07-24 05:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-10-15 14:51 - 2014-07-16 15:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-10-15 14:51 - 2014-07-16 14:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-10-15 14:51 - 2014-07-16 14:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-10-15 14:51 - 2014-07-11 22:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-10-15 14:51 - 2014-07-11 20:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-10-15 14:51 - 2014-07-11 20:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-10-15 14:51 - 2014-07-11 20:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-10-15 14:51 - 2014-07-11 20:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-10-15 14:51 - 2014-06-27 22:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-10-15 14:51 - 2014-06-27 18:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-10-15 14:50 - 2014-09-17 15:24 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 14:50 - 2014-09-17 14:56 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 14:50 - 2014-08-29 21:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 14:50 - 2014-08-29 21:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 14:50 - 2014-08-29 20:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 14:50 - 2014-08-29 20:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 14:50 - 2014-06-12 15:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-10-15 14:50 - 2014-06-12 15:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-10-15 13:07 - 2014-10-18 05:58 - 00000000 ____D () C:\Users\Owner\Documents\AMAZON Store
2014-10-15 13:04 - 2014-10-16 17:00 - 00000000 ____D () C:\Users\Owner\Documents\From Weebly
2014-10-15 12:52 - 2014-10-16 18:01 - 00000000 ____D () C:\Users\Owner\Documents\RECEIPE'S
2014-10-15 12:52 - 2014-10-15 12:52 - 00000000 ____D () C:\Users\Owner\Documents\ORNAMENTS
2014-10-15 12:49 - 2014-10-21 05:55 - 00000000 ____D () C:\Users\Owner\Documents\2007 Files
2014-10-15 02:54 - 2014-10-15 02:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 22:46 - 2014-10-12 22:46 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Brother
2014-10-12 22:41 - 2014-10-12 22:41 - 00002026 _____ () C:\Users\Public\Desktop\Brother Utilities.lnk
2014-10-12 22:41 - 2014-10-12 22:41 - 00000419 _____ () C:\windows\BRWMARK.INI
2014-10-12 22:41 - 2014-10-12 22:41 - 00000257 _____ () C:\windows\Brpfx04a.ini
2014-10-12 22:41 - 2014-10-12 22:41 - 00000094 _____ () C:\windows\brpcfx.ini
2014-10-12 22:41 - 2014-10-12 22:41 - 00000027 _____ () C:\windows\BRPP2KA.INI
2014-10-12 22:41 - 2014-10-12 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-10-12 22:40 - 2014-10-12 22:40 - 00000066 _____ () C:\windows\Brfaxrx.ini
2014-10-12 22:40 - 2014-10-12 22:40 - 00000050 _____ () C:\windows\system32\bridf09d.dat
2014-10-12 22:40 - 2014-10-12 22:40 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-10-12 22:40 - 2012-07-05 19:32 - 00084480 ____N (Brother Industries, Ltd.) C:\windows\system32\BrNetSti.dll
2014-10-12 22:40 - 2009-07-21 14:32 - 01560064 _____ (Brother Industries, Ltd.) C:\windows\system32\BrWia09b.dll
2014-10-12 22:40 - 2009-02-24 11:52 - 00058368 ____N (Brother Industries,Ltd.) C:\windows\system32\BrWiaNCp.dll
2014-10-12 22:40 - 2009-02-24 11:52 - 00047616 ____N (Brother Industries,Ltd) C:\windows\system32\Brnsplg.dll
2014-10-12 22:40 - 2009-01-15 18:20 - 00003072 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2S.dll
2014-10-12 22:40 - 2008-10-17 19:04 - 00179712 ____N (Brother Industries, Ltd.) C:\windows\system32\BrfxDA5b.dll
2014-10-12 22:40 - 2008-08-23 18:17 - 00118784 ____N (Brother Industries,LTD.) C:\windows\SysWOW64\BrMfNt.dll
2014-10-12 22:40 - 2008-06-17 14:35 - 00207872 ____N (brother) C:\windows\system32\NSSRH64.dll
2014-10-12 22:40 - 2007-12-13 21:16 - 00073728 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2.dll
2014-10-12 22:40 - 2007-12-13 21:16 - 00005120 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2L.dll
2014-10-12 22:40 - 2006-12-28 12:39 - 00176128 ____N (Brother Industries, Ltd.) C:\windows\SysWOW64\BroSNMP.dll
2014-10-12 22:40 - 2006-07-07 11:40 - 00073728 ____N (Brother Industories Ltd. P&S Company) C:\windows\SysWOW64\BRCrypt.dll
2014-10-12 22:40 - 2005-04-22 12:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-10-12 22:40 - 2003-11-28 17:57 - 00000000 _____ () C:\windows\brdfxspd.dat
2014-10-12 22:40 - 2002-11-26 12:43 - 00106496 ____N () C:\windows\SysWOW64\BrMuSNMP.dll
2014-10-12 22:39 - 2014-10-12 22:40 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-10-12 22:39 - 2008-06-17 14:33 - 00167936 ____N (brother) C:\windows\SysWOW64\NSSearch.dll
2014-10-12 22:38 - 2014-10-12 22:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\InstallShield
2014-10-12 22:38 - 2014-10-12 22:38 - 00000000 ____D () C:\ProgramData\Brother
2014-10-12 22:37 - 2014-10-12 22:37 - 00000000 ____D () C:\Users\Owner\Downloads\mflpro
2014-10-11 18:24 - 2014-10-11 18:24 - 00153214 _____ () C:\Users\Owner\My Account.htm
2014-10-11 18:24 - 2014-10-11 18:24 - 00000000 ____D () C:\Users\Owner\My Account_files
2014-10-11 10:35 - 2014-10-26 23:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-10-11 10:35 - 2014-10-11 11:09 - 00000000 ____D () C:\ProgramData\Skype
2014-10-11 10:35 - 2014-10-11 10:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Skype
2014-10-11 10:13 - 2014-10-11 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B
2014-10-10 12:02 - 2014-10-30 22:34 - 00000000 ____D () C:\Users\Owner\Ginny SFI Related
2014-10-10 11:46 - 2014-10-12 21:56 - 00000000 ____D () C:\Users\Owner\EXCEL
2014-10-09 11:25 - 2013-10-15 15:03 - 00111488 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\THAccel.sys
2014-10-07 20:43 - 2014-10-07 20:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-10-05 20:41 - 2014-10-05 20:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-10-05 12:41 - 2014-10-05 12:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-05 12:41 - 2014-10-05 12:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-04 20:20 - 2014-10-09 10:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Communicator
2014-10-04 20:16 - 2014-10-04 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Small Business
2014-10-04 20:15 - 2014-10-04 20:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Chart Controls
2014-10-04 20:13 - 2014-10-04 20:13 - 00955306 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-04 20:13 - 2009-03-30 20:55 - 00079896 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL$MSSMLBIZ-sqlctr10.1.2531.0.dll
2014-10-04 20:13 - 2009-03-30 20:55 - 00050200 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-SQLAgent$MSSMLBIZ-sqlagtctr10.1.2531.0.dll
2014-10-04 20:11 - 2014-10-04 20:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-10-04 20:10 - 2014-10-04 20:12 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-10-04 20:10 - 2014-10-04 20:10 - 00000000 ____D () C:\windows\SysWOW64\1033
2014-10-04 20:10 - 2014-10-04 20:10 - 00000000 ____D () C:\windows\system32\1033
2014-10-04 20:08 - 2014-10-04 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-10-04 20:01 - 2014-10-04 20:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-04 19:55 - 2014-10-04 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-10-04 19:55 - 2014-10-04 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-04 19:53 - 2014-10-04 19:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-10-04 19:52 - 2014-10-04 19:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-10-04 19:50 - 2014-10-04 19:50 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-10-04 19:48 - 2014-10-04 19:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-04 19:47 - 2014-10-04 19:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-04 19:47 - 2014-10-04 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-10-04 19:46 - 2014-10-04 19:46 - 00000000 __RHD () C:\MSOCache
2014-10-04 19:40 - 2014-10-26 23:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-10-04 19:40 - 2014-10-15 17:54 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:23 - 2013-07-03 20:03 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3700134658-662236065-3368852867-1001
2014-11-02 10:18 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2014-11-02 07:49 - 2012-07-25 23:28 - 00976010 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-02 07:36 - 2013-07-05 12:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 15:54 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-30 23:02 - 2013-07-12 19:36 - 00000000 ____D () C:\Users\Owner\Documents\Manuels
2014-10-29 13:35 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-29 13:34 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\WinStore
2014-10-29 12:59 - 2013-07-03 19:38 - 00000000 ____D () C:\Users\Owner
2014-10-29 12:10 - 2013-07-12 11:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-10-28 11:45 - 2014-09-24 07:57 - 00000000 ___HD () C:\$Windows.~BT
2014-10-28 08:20 - 2013-07-03 19:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-10-26 22:53 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\registration
2014-10-26 22:26 - 2013-12-13 00:38 - 00000000 ____D () C:\Users\Owner\Documents\Wondershare DVD Creator
2014-10-26 22:24 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-26 18:48 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\rescache
2014-10-26 16:35 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\ias
2014-10-26 16:31 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-25 04:07 - 2013-07-29 05:32 - 00000000 ____D () C:\ProgramData\Trymedia
2014-10-25 04:07 - 2013-07-29 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2014-10-25 04:06 - 2012-11-14 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-25 03:52 - 2013-07-26 16:27 - 00000000 ____D () C:\ProgramData\Big Fish
2014-10-25 03:52 - 2013-07-11 04:40 - 00000000 ____D () C:\BigFishCache
2014-10-25 01:16 - 2014-01-31 06:36 - 00000000 ____D () C:\temp
2014-10-25 00:39 - 2012-07-26 00:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-10-25 00:35 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-24 22:11 - 2014-01-30 16:19 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 22:11 - 2014-01-30 16:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 12:04 - 2014-09-04 00:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-23 15:09 - 2012-11-14 21:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-23 14:55 - 2013-07-03 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-10-23 14:51 - 2014-01-31 05:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-23 08:08 - 2013-07-03 19:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-10-23 08:08 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-22 23:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\SysWOW64\inetsrv
2014-10-22 23:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\inetsrv
2014-10-21 05:13 - 2013-07-12 19:35 - 00000000 ____D () C:\Users\Owner\Documents\Download
2014-10-21 04:21 - 2012-11-14 21:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-10-21 04:21 - 2012-11-14 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-10-18 06:00 - 2013-07-12 19:31 - 00000000 ____D () C:\Users\Owner\Documents\ForKids
2014-10-18 05:13 - 2013-07-05 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 13:00 - 2013-08-23 07:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-10-16 12:05 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-10-16 12:05 - 2012-07-26 00:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 17:46 - 2013-07-16 19:21 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 17:33 - 2013-07-05 02:10 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 13:34 - 2013-07-12 19:33 - 00000000 ____D () C:\Users\Owner\Documents\COMPUTER STUFF
2014-10-15 12:58 - 2014-05-23 21:58 - 00000000 ____D () C:\Users\Owner\Documents\HEALTH
2014-10-12 22:39 - 2012-11-14 21:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-11 11:15 - 2014-01-30 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-10 12:49 - 2014-01-31 06:48 - 00000000 ____D () C:\Users\Owner\Documents\Misc Stuff
2014-10-10 12:42 - 2013-07-12 19:34 - 00000000 ____D () C:\Users\Owner\Documents\FLOWER SEEDS
2014-10-10 12:40 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead Patterns
2014-10-10 12:25 - 2013-07-12 19:34 - 00000000 ____D () C:\Users\Owner\Documents\ERICA WEDDING
2014-10-10 12:23 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead Anything
2014-10-10 12:10 - 2013-07-12 19:36 - 00000000 ____D () C:\Users\Owner\Documents\PLANTS & FLOWERS
2014-10-10 12:04 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\BeadWorkMagazine
2014-10-10 12:04 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead & Button Materials List
2014-10-09 11:26 - 2012-11-14 21:26 - 00000000 ____D () C:\Program Files\Toshiba
2014-10-09 11:10 - 2013-08-03 06:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMill Entertainment
2014-10-09 11:10 - 2013-07-14 14:21 - 00000000 ____D () C:\Program Files (x86)\Viva Media
2014-10-09 11:06 - 2013-07-11 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-10-08 02:36 - 2012-11-14 21:55 - 00001068 _____ () C:\Users\Public\Desktop\Desktop Assist.lnk
2014-10-08 02:02 - 2014-01-31 06:38 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-10-07 19:48 - 2014-06-02 13:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-06 02:06 - 2012-07-25 21:26 - 00000218 _____ () C:\windows\win.ini
2014-10-04 19:54 - 2012-08-01 02:06 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-10-04 19:54 - 2012-07-25 23:52 - 00000000 ____D () C:\windows\ShellNew
2014-10-04 19:52 - 2012-11-14 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-04 19:52 - 2012-11-14 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-10-04 19:49 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 15:50

==================== End Of Log ============================

Farbar Additional Scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Owner at 2014-11-02 10:35:01
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\ShockwaveFlash) (Version: 9 - Adobe Systems)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
Brother MFL-Pro Suite MFC-5895CW (HKLM-x32\...\{184BF682-537C-4CAE-8789-6696508A4032}) (Version: 2.0.1.0 - Brother Industries, Ltd.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 4.2.0.1 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3700134658-662236065-3368852867-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3700134658-662236065-3368852867-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3700134658-662236065-3368852867-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3700134658-662236065-3368852867-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

21-10-2014 12:20:36 Removed Toshiba App Place
23-10-2014 07:47:59 Windows Modules Installer
25-10-2014 08:37:27 Installed AVG 2015
27-10-2014 04:37:28 avast! antivirus system restore point
31-10-2014 07:42:03 Removed AVG PC TuneUp 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {166F64F2-2C2F-49B7-88FC-1E54EAF4FC4D} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B33AB44-B1F7-4CFB-8836-E441221482B9} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation)
Task: {236FBA9C-B489-4427-B479-D6E7A4DFD443} - System32\Tasks\AVG_SYS_TASK_1014avt => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2014-09-23] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28353CD7-70A5-4560-ABB9-0C836B5EA922} - System32\Tasks\AVG_SYS_TASK_1014avt_DELETE => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2014-09-23] ()
Task: {36E0E6DB-264B-466A-94D1-0DFA65BEE838} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {456D508C-0EB5-41C0-A8DF-372C4DD59FEE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3700134658-662236065-3368852867-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {67C195B4-DC39-4746-A5BD-767152C5A340} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {6A225EC2-1C7C-41BC-9271-4AA051BD5CF5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A844E86C-893C-422D-B740-8D7D42ED8CEA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {ABBDA447-6395-47ED-B990-903113DA7F1A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {ABDE5C53-E0C2-412B-BD1B-304AEE534076} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D0C319EC-3E02-415B-A92C-2925A1D80964} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {EB389FEB-84DB-42B3-ABBC-5D73665546B0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3700134658-662236065-3368852867-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE0665C5-1FC1-4F21-808D-BC80A7DCDA88} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG_SYS_TASK_1014avt.job => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
Task: C:\windows\Tasks\AVG_SYS_TASK_1014avt_DELETE.job => C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe

==================== Loaded Modules (whitelisted) =============

2014-10-12 22:40 - 2005-04-22 12:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-10-28 00:32 - 2014-09-23 06:00 - 02774040 _____ () C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-28 00:32 - 2014-09-23 06:00 - 02774040 _____ () C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\ProgramData\TEMP:0DACB2B7
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:43A31AEA
AlternateDataStreams: C:\ProgramData\TEMP:581B0446
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:640EA6E8
AlternateDataStreams: C:\ProgramData\TEMP:78ADFF54
AlternateDataStreams: C:\ProgramData\TEMP:7C412B92
AlternateDataStreams: C:\ProgramData\TEMP:86148D88
AlternateDataStreams: C:\ProgramData\TEMP:A3E39C6A

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ogmservice => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKCU\...\StartupApproved\StartupFolder: => "Microsoft SharePoint Workspace.lnk"
HKCU\...\StartupApproved\Run: => "OfficeSyncProcess"
HKCU\...\StartupApproved\Run: => "CCleaner Monitoring"
HKCU\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"

========================= Accounts: ==========================

Administrator (S-1-5-21-3700134658-662236065-3368852867-500 - Administrator - Disabled)
Guest (S-1-5-21-3700134658-662236065-3368852867-501 - Limited - Disabled)
Owner (S-1-5-21-3700134658-662236065-3368852867-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2014 04:53:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$MSSMLBIZ8

Error: (11/01/2014 04:53:09 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$MSSMLBIZ8

Error: (11/01/2014 04:52:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:57:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:51:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:40:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:36:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:30:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:22:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (10/31/2014 03:18:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/01/2014 04:53:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$MSSMLBIZ8

Error: (11/01/2014 04:53:09 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$MSSMLBIZ8

Error: (11/01/2014 04:52:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:57:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:51:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:40:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:36:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:30:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:22:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (10/31/2014 03:18:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe


CodeIntegrity Errors:
===================================
Date: 2014-10-25 01:42:42.696
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-25 01:41:57.060
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3678.25 MB
Available physical RAM: 2163.77 MB
Total Pagefile: 7245.15 MB
Available Pagefile: 2192.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (TI10657600C) (Fixed) (Total:454.59 GB) (Free:392.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Thank you very much for your help :)



#4 Jo*

Jo*

  • Malware Response Team

Posted 02 November 2014 - 03:02 PM

Hello ginnyoneal,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 ginnyoneal

ginnyoneal
  • Topic Starter

  • Members

Posted 02 November 2014 - 04:36 PM

Malwarebytes Anti-Rootkit scan was clean. No malware was detected.

 

This is the AdwCleaner Report:

# AdwCleaner v3.311 - Report created 02/11/2014 at 13:28:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Owner - GINNY
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r3s96tj8.default-1400497565077\user.js
File Found : C:\windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Mobogenie
Folder Found : C:\Program Files (x86)\xfin_portal
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\Local\globalUpdate
Folder Found : C:\Users\Owner\AppData\LocalLow\xfin_portal
Folder Found : C:\Users\Owner\AppData\Roaming\iWin
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r3s96tj8.default-1400497565077\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\xfin_portal
Folder Found : C:\Users\Owner\AppData\Roaming\pccustubinstaller
Folder Found : C:\Users\Owner\AppData\Roaming\Systweak
Folder Found : C:\Users\Owner\Favorites\StumbleUpon

***** [ Scheduled Tasks ] *****

Task Found : APSnotifierPP1

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com

-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r3s96tj8.default-1400497565077\prefs.js ]


[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\prefs.js ]

Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Found : user_pref("extensions.helperbar.backPageCounter", 0);
Line Found : user_pref("extensions.helperbar.backPageDay", 2);
Line Found : user_pref("extensions.helperbar.backPageLastEvent", "1401569760579");
Line Found : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Found : user_pref("extensions.helperbar.barcodeid", "131768");
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "muvicambs");
Line Found : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Found : user_pref("extensions.helperbar.installationid", "419b7a7d-9bee-13f9-d7d8-04777e7425dd");
Line Found : user_pref("extensions.helperbar.installdate", "02/06/2014");
Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1401742554");
Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1401742588331");
Line Found : user_pref("extensions.helperbar.publisher", "muvicambs");
Line Found : user_pref("extensions.quick_start.enable_search1", false);
Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");

*************************

AdwCleaner[R0].txt - [9036 octets] - [02/11/2014 13:28:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9096 octets] ##########

 

Thank you again for your time & your help.



#6 ginnyoneal

ginnyoneal
  • Topic Starter

  • Members

Posted 02 November 2014 - 05:02 PM

After looking at some of my logs, I realized that I did not disable AVG while I ran the scans. I am sorry, I know better. I can re-run them again without AVG running in the background if that would help? I am sorry for my mistake.



#7 Jo*

Jo*

  • Malware Response Team

Posted 02 November 2014 - 05:06 PM

Hello ginnyoneal,

No problem with AVG running during the scans we did before.


Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Cheers,
Jo


#8 ginnyoneal

ginnyoneal
  • Topic Starter

  • Members

Posted 03 November 2014 - 11:18 AM

Thank you again:

 

AdwareCleaner:

# AdwCleaner v3.311 - Report created 02/11/2014 at 13:28:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Owner - GINNY
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r3s96tj8.default-1400497565077\user.js
File Found : C:\windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Mobogenie
Folder Found : C:\Program Files (x86)\xfin_portal
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\Local\globalUpdate
Folder Found : C:\Users\Owner\AppData\LocalLow\xfin_portal
Folder Found : C:\Users\Owner\AppData\Roaming\iWin
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r3s96tj8.default-1400497565077\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\xfin_portal
Folder Found : C:\Users\Owner\AppData\Roaming\pccustubinstaller
Folder Found : C:\Users\Owner\AppData\Roaming\Systweak
Folder Found : C:\Users\Owner\Favorites\StumbleUpon

***** [ Scheduled Tasks ] *****

Task Found : APSnotifierPP1

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com

-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r3s96tj8.default-1400497565077\prefs.js ]


[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\prefs.js ]

Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Found : user_pref("extensions.helperbar.backPageCounter", 0);
Line Found : user_pref("extensions.helperbar.backPageDay", 2);
Line Found : user_pref("extensions.helperbar.backPageLastEvent", "1401569760579");
Line Found : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Found : user_pref("extensions.helperbar.barcodeid", "131768");
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "muvicambs");
Line Found : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Found : user_pref("extensions.helperbar.installationid", "419b7a7d-9bee-13f9-d7d8-04777e7425dd");
Line Found : user_pref("extensions.helperbar.installdate", "02/06/2014");
Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1401742554");
Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1401742588331");
Line Found : user_pref("extensions.helperbar.publisher", "muvicambs");
Line Found : user_pref("extensions.quick_start.enable_search1", false);
Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");

*************************

AdwCleaner[R0].txt - [9036 octets] - [02/11/2014 13:28:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9096 octets] ##########

JunkwareRemoval:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8 x64
Ran by Owner on Mon 11/03/2014 at 7:39:05.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\software informer"



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\sab514po.default-1394831128093\minidumps [78 files]



~~~ Event Viewer Logs were cleared



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/03/2014 at 7:48:31.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Farbar:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Owner (administrator) on GINNY on 03-11-2014 07:51:40
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
() C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
() C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [AVG-Secure-Search-Update_1014avt] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2774040 2014-09-23] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {A509A8E8-BF15-4C2B-8F72-0099C8FCFBCA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinitylcsearch.xml
FF Extension: ColorfulTabs - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-27]
FF Extension: Facebook Ads Block - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-20]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-25] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [45056 2012-07-25] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-25] (Microsoft Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 07:51 - 2014-11-03 07:52 - 00016121 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-11-03 07:48 - 2014-11-03 07:48 - 00000985 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-11-03 07:39 - 2014-11-03 07:39 - 00000000 ____D () C:\windows\ERUNT
2014-11-03 07:35 - 2014-11-03 07:35 - 01706359 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-11-03 07:29 - 2014-11-03 07:29 - 00004146 _____ () C:\windows\PFRO.log
2014-11-02 13:31 - 2014-11-02 13:32 - 00009260 _____ () C:\Users\Owner\Desktop\AdwCleaner[R0].txt
2014-11-02 13:28 - 2014-11-03 07:34 - 00000000 ____D () C:\AdwCleaner
2014-11-02 13:04 - 2014-11-02 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 13:04 - 2014-11-02 13:04 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 13:03 - 2014-11-02 13:26 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-11-02 13:03 - 2014-11-02 13:03 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-02 12:55 - 2014-11-02 12:55 - 01375089 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-11-02 12:54 - 2014-11-02 12:54 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
2014-11-02 10:32 - 2014-11-03 07:51 - 00000000 ____D () C:\FRST
2014-11-01 16:21 - 2014-11-01 16:21 - 00854448 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-11-01 16:19 - 2014-11-01 16:20 - 02114048 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-31 18:50 - 2014-11-03 07:09 - 00131717 _____ () C:\windows\WindowsUpdate.log
2014-10-31 03:22 - 2014-10-31 03:22 - 00178079 _____ () C:\Users\Owner\Downloads\orderstorm-wordpress-e-commerce.0.6.2.1-2013.06.12.zip
2014-10-31 01:41 - 2014-10-31 01:41 - 00176766 _____ () C:\Users\Owner\Downloads\woothemes-updater.zip
2014-10-31 01:40 - 2014-10-31 01:40 - 00835777 _____ () C:\Users\Owner\Downloads\mystile.zip
2014-10-31 00:16 - 2014-10-31 00:16 - 00000000 ____D () C:\Program Files\AutoRun
2014-10-31 00:09 - 2014-10-31 00:09 - 00511633 _____ () C:\Users\Owner\Downloads\Autoruns.zip
2014-10-30 22:29 - 2014-10-30 22:33 - 00000000 ____D () C:\Users\Owner\Downloads\backups
2014-10-30 22:27 - 2014-10-30 23:01 - 00009853 _____ () C:\Users\Owner\Downloads\hijackthis.log
2014-10-30 22:26 - 2014-10-30 22:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis(1).exe
2014-10-29 13:34 - 2014-10-30 18:55 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-10-28 15:00 - 2014-10-21 19:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-10-28 15:00 - 2014-10-21 19:33 - 00581016 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-10-28 15:00 - 2014-10-21 19:33 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-10-28 15:00 - 2014-10-21 17:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-10-28 15:00 - 2014-10-21 17:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:00 - 2014-10-21 17:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-10-28 13:50 - 2014-10-28 13:54 - 00000000 ____D () C:\Users\Owner\New PLR
2014-10-28 06:48 - 2014-10-28 13:57 - 00000000 ____D () C:\Users\Owner\PLR Zipped
2014-10-28 05:03 - 2014-10-28 06:49 - 00000000 ____D () C:\Users\Owner\Software Opened
2014-10-28 05:03 - 2014-10-28 05:03 - 00000000 ____D () C:\Users\Owner\eBooks Opened
2014-10-28 04:51 - 2014-10-31 06:44 - 00000000 ____D () C:\Users\Owner\Ready to Send
2014-10-28 03:02 - 2014-10-28 03:04 - 00000000 ____D () C:\Users\Owner\My WooCommerce
2014-10-28 01:52 - 2014-10-28 01:52 - 00010752 ___SH () C:\Users\Owner\Thumbs.db
2014-10-28 00:32 - 2014-11-03 07:30 - 00000544 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014avt.job
2014-10-28 00:32 - 2014-11-03 07:30 - 00000412 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014avt_DELETE.job
2014-10-28 00:32 - 2014-10-31 00:56 - 00002820 _____ () C:\windows\System32\Tasks\AVG_SYS_TASK_1014avt
2014-10-28 00:32 - 2014-10-28 00:32 - 00002894 _____ () C:\windows\System32\Tasks\AVG_SYS_TASK_1014avt_DELETE
2014-10-28 00:32 - 2014-10-28 00:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt
2014-10-27 23:39 - 2014-10-27 23:40 - 00012800 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2014-10-27 21:04 - 2014-10-31 05:30 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Free
2014-10-27 21:04 - 2014-10-28 15:17 - 00000000 ____D () C:\Users\Owner\My Business Software
2014-10-27 21:03 - 2014-10-28 13:46 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Sell
2014-10-27 20:58 - 2014-10-28 14:47 - 00000000 ____D () C:\Users\Owner\My WordPress_Plug-ins
2014-10-27 20:52 - 2014-10-31 05:30 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Needs Editing
2014-10-27 20:52 - 2014-10-28 12:58 - 00000000 ____D () C:\Users\Owner\My WordPress Themes
2014-10-27 17:51 - 2014-10-27 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OpenOffice
2014-10-27 17:50 - 2014-10-27 17:50 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-27 17:50 - 2014-10-27 17:50 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-27 17:49 - 2014-10-27 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-27 17:48 - 2014-10-27 17:48 - 00000000 ____D () C:\Program Files\OpenOffice
2014-10-27 17:41 - 2014-10-27 17:45 - 140852175 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-10-27 16:56 - 2014-10-27 16:56 - 00000000 ____D () C:\Users\Owner\StartupPro2.5.1Package
2014-10-27 00:04 - 2014-10-28 00:32 - 00000000 ____D () C:\ProgramData\Avg_Update_1014avt
2014-10-26 23:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG
2014-10-26 23:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg
2014-10-26 23:36 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\AVG
2014-10-26 23:34 - 2014-10-26 23:35 - 87520056 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_tuh_stf_all_2015_105_24c4.exe
2014-10-26 22:45 - 2014-10-26 23:10 - 00022863 _____ () C:\windows\diagwrn.xml
2014-10-26 22:45 - 2014-10-26 23:10 - 00022863 _____ () C:\windows\diagerr.xml
2014-10-26 22:19 - 2014-10-26 22:19 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-10-26 22:19 - 2014-10-26 22:19 - 00000000 ____D () C:\windows\system32\vbox
2014-10-26 20:37 - 2014-10-26 20:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-26 20:34 - 2014-10-26 20:34 - 05004328 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-10-26 15:51 - 2014-10-26 15:51 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-26 15:08 - 2014-10-26 15:08 - 19953976 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-10-25 06:01 - 2014-10-09 20:47 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-25 06:01 - 2014-10-09 20:47 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-25 06:01 - 2014-10-07 20:26 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-25 06:01 - 2014-06-30 14:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-10-25 06:01 - 2014-06-30 14:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-10-25 00:40 - 2014-10-25 00:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-10-25 00:39 - 2014-10-25 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-25 00:39 - 2014-10-25 00:39 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-25 00:39 - 2014-10-25 00:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-10-25 00:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-25 00:38 - 2014-10-25 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-25 00:38 - 2014-10-25 00:38 - 00000000 ___HD () C:\$AVG
2014-10-25 00:34 - 2014-10-25 00:34 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-25 00:28 - 2014-11-03 07:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-25 00:28 - 2014-10-25 00:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-10-25 00:28 - 2014-10-25 00:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-10-24 20:48 - 2014-11-03 07:51 - 00000000 ____D () C:\Users\Owner\Ginny's Personal Use
2014-10-24 20:38 - 2014-10-31 04:41 - 00000000 ____D () C:\Users\Owner\My Busin..NotToShare
2014-10-24 20:36 - 2014-10-28 06:32 - 00000000 ____D () C:\Users\Owner\My Busin.. Mine
2014-10-24 13:50 - 2014-10-28 13:56 - 00000000 ____D () C:\Users\Owner\Downloads\Personal
2014-10-24 13:19 - 2014-10-28 14:41 - 00000000 ____D () C:\Users\Owner\EZEBOOKS
2014-10-23 14:56 - 2014-10-23 14:56 - 00000000 ___RD () C:\Users\Owner\Creative Cloud Files
2014-10-23 14:54 - 2014-10-23 14:54 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-10-23 14:54 - 2014-10-23 14:54 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-10-23 14:53 - 2014-10-23 14:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-23 14:49 - 2014-10-23 14:49 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\Owner\Downloads\CreativeCloudSet-Up.exe
2014-10-23 01:02 - 2014-10-23 08:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 01:02 - 2014-10-23 08:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\SysWOW64\BestPractices
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\system32\msmq
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\system32\BestPractices
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\inetpub
2014-10-22 12:43 - 2014-10-22 12:44 - 00000000 ____D () C:\Program Files\StartupWP
2014-10-21 04:05 - 2014-10-21 04:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\eBookPro6
2014-10-21 01:12 - 2014-10-29 12:59 - 00000000 ____D () C:\Users\Owner\My Busin..Graphics
2014-10-20 20:20 - 2014-10-20 20:23 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-20 20:19 - 2014-10-23 15:11 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002111 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00001997 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-10-20 19:44 - 2014-10-20 19:44 - 04579176 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-18 11:09 - 2014-10-18 11:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe_Systems_Incorporate
2014-10-18 10:54 - 2014-10-20 15:42 - 00000000 ____D () C:\Program Files (x86)\PDF Reader 3
2014-10-18 10:54 - 2014-10-18 10:54 - 00075776 _____ () C:\windows\cadkasdeinst01e.exe
2014-10-18 05:13 - 2014-11-03 07:29 - 00450264 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 13:19 - 2014-10-16 13:19 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00002057 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Thunderbird
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Thunderbird
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-16 12:09 - 2014-09-29 14:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 12:09 - 2014-09-29 14:49 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 14:56 - 2014-07-11 20:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 14:56 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 14:56 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 14:56 - 2014-07-11 20:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 14:56 - 2014-07-11 16:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 14:56 - 2014-07-11 16:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-10-15 14:56 - 2014-07-08 14:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-10-15 14:56 - 2014-07-08 14:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-10-15 14:56 - 2014-07-08 14:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-10-15 14:56 - 2014-07-08 14:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-10-15 14:56 - 2014-07-06 21:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-10-15 14:56 - 2014-07-06 21:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-10-15 14:56 - 2014-07-04 02:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-10-15 14:56 - 2014-07-02 17:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 14:56 - 2014-07-02 16:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 14:56 - 2014-06-27 23:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-10-15 14:56 - 2014-06-27 22:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-15 14:56 - 2014-06-27 22:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-10-15 14:56 - 2014-06-24 23:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 14:56 - 2014-06-24 23:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 14:56 - 2014-06-17 15:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-15 14:56 - 2014-06-17 15:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-15 14:56 - 2014-06-11 06:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-15 14:56 - 2014-06-10 20:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-15 14:56 - 2014-06-10 14:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 14:56 - 2014-05-29 15:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 14:56 - 2014-05-29 15:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 14:56 - 2014-02-04 02:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 14:55 - 2014-09-12 21:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 14:55 - 2014-09-12 20:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 14:54 - 2014-09-27 20:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 14:54 - 2014-07-06 21:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 14:54 - 2014-07-06 21:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 14:54 - 2014-07-06 21:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 14:54 - 2014-07-06 21:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 14:54 - 2014-07-06 21:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 14:54 - 2014-07-06 20:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 14:54 - 2014-07-06 20:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 14:54 - 2014-07-06 20:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 14:54 - 2014-07-06 19:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 14:52 - 2014-09-19 21:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 14:52 - 2014-09-19 21:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 14:52 - 2014-09-19 21:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 14:52 - 2014-09-19 19:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 14:51 - 2014-09-19 21:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 14:51 - 2014-09-19 21:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-10-15 14:51 - 2014-09-19 21:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 14:51 - 2014-09-19 21:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 14:51 - 2014-09-19 21:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 14:51 - 2014-09-19 21:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 14:51 - 2014-09-19 21:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 14:51 - 2014-09-19 19:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 14:51 - 2014-09-19 19:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 14:51 - 2014-09-19 19:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 14:51 - 2014-09-19 19:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 14:51 - 2014-09-19 19:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 14:51 - 2014-09-19 19:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 14:51 - 2014-09-19 17:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-10-15 14:51 - 2014-09-02 18:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 14:51 - 2014-09-02 18:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 14:51 - 2014-08-01 14:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 14:51 - 2014-07-24 05:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-10-15 14:51 - 2014-07-16 15:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-10-15 14:51 - 2014-07-16 14:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-10-15 14:51 - 2014-07-16 14:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-10-15 14:51 - 2014-07-11 22:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-10-15 14:51 - 2014-07-11 20:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-10-15 14:51 - 2014-07-11 20:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-10-15 14:51 - 2014-07-11 20:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-10-15 14:51 - 2014-07-11 20:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-10-15 14:51 - 2014-06-27 22:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-10-15 14:51 - 2014-06-27 18:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-10-15 14:50 - 2014-09-17 15:24 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 14:50 - 2014-09-17 14:56 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 14:50 - 2014-08-29 21:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 14:50 - 2014-08-29 21:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 14:50 - 2014-08-29 20:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 14:50 - 2014-08-29 20:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 14:50 - 2014-06-12 15:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-10-15 14:50 - 2014-06-12 15:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-10-15 13:07 - 2014-10-18 05:58 - 00000000 ____D () C:\Users\Owner\Documents\AMAZON Store
2014-10-15 13:04 - 2014-10-16 17:00 - 00000000 ____D () C:\Users\Owner\Documents\From Weebly
2014-10-15 12:52 - 2014-10-16 18:01 - 00000000 ____D () C:\Users\Owner\Documents\RECEIPE'S
2014-10-15 12:52 - 2014-10-15 12:52 - 00000000 ____D () C:\Users\Owner\Documents\ORNAMENTS
2014-10-15 12:49 - 2014-10-21 05:55 - 00000000 ____D () C:\Users\Owner\Documents\2007 Files
2014-10-15 02:54 - 2014-10-15 02:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 22:46 - 2014-10-12 22:46 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Brother
2014-10-12 22:41 - 2014-10-12 22:41 - 00002026 _____ () C:\Users\Public\Desktop\Brother Utilities.lnk
2014-10-12 22:41 - 2014-10-12 22:41 - 00000419 _____ () C:\windows\BRWMARK.INI
2014-10-12 22:41 - 2014-10-12 22:41 - 00000257 _____ () C:\windows\Brpfx04a.ini
2014-10-12 22:41 - 2014-10-12 22:41 - 00000094 _____ () C:\windows\brpcfx.ini
2014-10-12 22:41 - 2014-10-12 22:41 - 00000027 _____ () C:\windows\BRPP2KA.INI
2014-10-12 22:41 - 2014-10-12 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-10-12 22:40 - 2014-10-12 22:40 - 00000066 _____ () C:\windows\Brfaxrx.ini
2014-10-12 22:40 - 2014-10-12 22:40 - 00000050 _____ () C:\windows\system32\bridf09d.dat
2014-10-12 22:40 - 2014-10-12 22:40 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-10-12 22:40 - 2012-07-05 19:32 - 00084480 ____N (Brother Industries, Ltd.) C:\windows\system32\BrNetSti.dll
2014-10-12 22:40 - 2009-07-21 14:32 - 01560064 _____ (Brother Industries, Ltd.) C:\windows\system32\BrWia09b.dll
2014-10-12 22:40 - 2009-02-24 11:52 - 00058368 ____N (Brother Industries,Ltd.) C:\windows\system32\BrWiaNCp.dll
2014-10-12 22:40 - 2009-02-24 11:52 - 00047616 ____N (Brother Industries,Ltd) C:\windows\system32\Brnsplg.dll
2014-10-12 22:40 - 2009-01-15 18:20 - 00003072 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2S.dll
2014-10-12 22:40 - 2008-10-17 19:04 - 00179712 ____N (Brother Industries, Ltd.) C:\windows\system32\BrfxDA5b.dll
2014-10-12 22:40 - 2008-08-23 18:17 - 00118784 ____N (Brother Industries,LTD.) C:\windows\SysWOW64\BrMfNt.dll
2014-10-12 22:40 - 2008-06-17 14:35 - 00207872 ____N (brother) C:\windows\system32\NSSRH64.dll
2014-10-12 22:40 - 2007-12-13 21:16 - 00073728 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2.dll
2014-10-12 22:40 - 2007-12-13 21:16 - 00005120 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2L.dll
2014-10-12 22:40 - 2006-12-28 12:39 - 00176128 ____N (Brother Industries, Ltd.) C:\windows\SysWOW64\BroSNMP.dll
2014-10-12 22:40 - 2006-07-07 11:40 - 00073728 ____N (Brother Industories Ltd. P&S Company) C:\windows\SysWOW64\BRCrypt.dll
2014-10-12 22:40 - 2005-04-22 12:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-10-12 22:40 - 2003-11-28 17:57 - 00000000 _____ () C:\windows\brdfxspd.dat
2014-10-12 22:40 - 2002-11-26 12:43 - 00106496 ____N () C:\windows\SysWOW64\BrMuSNMP.dll
2014-10-12 22:39 - 2014-10-12 22:40 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-10-12 22:39 - 2008-06-17 14:33 - 00167936 ____N (brother) C:\windows\SysWOW64\NSSearch.dll
2014-10-12 22:38 - 2014-10-12 22:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\InstallShield
2014-10-12 22:38 - 2014-10-12 22:38 - 00000000 ____D () C:\ProgramData\Brother
2014-10-12 22:37 - 2014-10-12 22:37 - 00000000 ____D () C:\Users\Owner\Downloads\mflpro
2014-10-11 18:24 - 2014-10-11 18:24 - 00153214 _____ () C:\Users\Owner\My Account.htm
2014-10-11 18:24 - 2014-10-11 18:24 - 00000000 ____D () C:\Users\Owner\My Account_files
2014-10-11 10:35 - 2014-10-26 23:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-10-11 10:35 - 2014-10-11 11:09 - 00000000 ____D () C:\ProgramData\Skype
2014-10-11 10:35 - 2014-10-11 10:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Skype
2014-10-11 10:13 - 2014-10-11 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B
2014-10-10 12:02 - 2014-10-30 22:34 - 00000000 ____D () C:\Users\Owner\Ginny SFI Related
2014-10-10 11:46 - 2014-10-12 21:56 - 00000000 ____D () C:\Users\Owner\EXCEL
2014-10-09 11:25 - 2013-10-15 15:03 - 00111488 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\THAccel.sys
2014-10-07 20:43 - 2014-10-07 20:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-10-05 20:41 - 2014-10-05 20:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-10-05 12:41 - 2014-10-05 12:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-05 12:41 - 2014-10-05 12:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-04 20:20 - 2014-10-09 10:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Communicator
2014-10-04 20:16 - 2014-10-04 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Small Business
2014-10-04 20:15 - 2014-10-04 20:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Chart Controls
2014-10-04 20:13 - 2014-10-04 20:13 - 00955306 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-04 20:13 - 2009-03-30 20:55 - 00079896 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL$MSSMLBIZ-sqlctr10.1.2531.0.dll
2014-10-04 20:13 - 2009-03-30 20:55 - 00050200 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-SQLAgent$MSSMLBIZ-sqlagtctr10.1.2531.0.dll
2014-10-04 20:11 - 2014-10-04 20:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-10-04 20:10 - 2014-10-04 20:12 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-10-04 20:10 - 2014-10-04 20:10 - 00000000 ____D () C:\windows\SysWOW64\1033
2014-10-04 20:10 - 2014-10-04 20:10 - 00000000 ____D () C:\windows\system32\1033
2014-10-04 20:08 - 2014-10-04 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-10-04 20:01 - 2014-10-04 20:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-04 19:55 - 2014-10-04 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-10-04 19:55 - 2014-10-04 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-04 19:53 - 2014-10-04 19:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-10-04 19:52 - 2014-10-04 19:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-10-04 19:50 - 2014-10-04 19:50 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-10-04 19:48 - 2014-10-04 19:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-04 19:47 - 2014-10-04 19:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-04 19:47 - 2014-10-04 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-10-04 19:46 - 2014-10-04 19:46 - 00000000 __RHD () C:\MSOCache
2014-10-04 19:40 - 2014-10-26 23:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-10-04 19:40 - 2014-10-15 17:54 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 07:36 - 2013-07-05 12:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 07:35 - 2013-07-03 20:03 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3700134658-662236065-3368852867-1001
2014-11-03 07:35 - 2012-07-25 23:28 - 00976010 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-03 07:30 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-03 07:00 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2014-11-01 15:54 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-30 23:02 - 2013-07-12 19:36 - 00000000 ____D () C:\Users\Owner\Documents\Manuels
2014-10-29 13:35 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-29 13:34 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\WinStore
2014-10-29 12:59 - 2013-07-03 19:38 - 00000000 ____D () C:\Users\Owner
2014-10-29 12:10 - 2013-07-12 11:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-10-28 11:45 - 2014-09-24 07:57 - 00000000 ___HD () C:\$Windows.~BT
2014-10-28 08:20 - 2013-07-03 19:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-10-26 22:53 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\registration
2014-10-26 22:26 - 2013-12-13 00:38 - 00000000 ____D () C:\Users\Owner\Documents\Wondershare DVD Creator
2014-10-26 18:48 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\rescache
2014-10-26 16:35 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\ias
2014-10-26 16:31 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-25 04:07 - 2013-07-29 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2014-10-25 04:06 - 2012-11-14 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-25 03:52 - 2013-07-26 16:27 - 00000000 ____D () C:\ProgramData\Big Fish
2014-10-25 03:52 - 2013-07-11 04:40 - 00000000 ____D () C:\BigFishCache
2014-10-25 01:16 - 2014-01-31 06:36 - 00000000 ____D () C:\temp
2014-10-25 00:39 - 2012-07-26 00:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-10-25 00:35 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-24 22:11 - 2014-01-30 16:19 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 22:11 - 2014-01-30 16:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 12:04 - 2014-09-04 00:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-23 15:09 - 2012-11-14 21:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-23 14:55 - 2013-07-03 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-10-23 14:51 - 2014-01-31 05:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-23 08:08 - 2013-07-03 19:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-10-23 08:08 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-22 23:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\SysWOW64\inetsrv
2014-10-22 23:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\inetsrv
2014-10-21 05:13 - 2013-07-12 19:35 - 00000000 ____D () C:\Users\Owner\Documents\Download
2014-10-21 04:21 - 2012-11-14 21:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-10-21 04:21 - 2012-11-14 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-10-18 06:00 - 2013-07-12 19:31 - 00000000 ____D () C:\Users\Owner\Documents\ForKids
2014-10-18 05:13 - 2013-07-05 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 13:00 - 2013-08-23 07:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-10-16 12:05 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-10-16 12:05 - 2012-07-26 00:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 17:46 - 2013-07-16 19:21 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 17:33 - 2013-07-05 02:10 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 13:34 - 2013-07-12 19:33 - 00000000 ____D () C:\Users\Owner\Documents\COMPUTER STUFF
2014-10-15 12:58 - 2014-05-23 21:58 - 00000000 ____D () C:\Users\Owner\Documents\HEALTH
2014-10-12 22:39 - 2012-11-14 21:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-11 11:15 - 2014-01-30 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-10 12:49 - 2014-01-31 06:48 - 00000000 ____D () C:\Users\Owner\Documents\Misc Stuff
2014-10-10 12:42 - 2013-07-12 19:34 - 00000000 ____D () C:\Users\Owner\Documents\FLOWER SEEDS
2014-10-10 12:40 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead Patterns
2014-10-10 12:25 - 2013-07-12 19:34 - 00000000 ____D () C:\Users\Owner\Documents\ERICA WEDDING
2014-10-10 12:23 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead Anything
2014-10-10 12:10 - 2013-07-12 19:36 - 00000000 ____D () C:\Users\Owner\Documents\PLANTS & FLOWERS
2014-10-10 12:04 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\BeadWorkMagazine
2014-10-10 12:04 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead & Button Materials List
2014-10-09 11:26 - 2012-11-14 21:26 - 00000000 ____D () C:\Program Files\Toshiba
2014-10-09 11:10 - 2013-08-03 06:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMill Entertainment
2014-10-09 11:10 - 2013-07-14 14:21 - 00000000 ____D () C:\Program Files (x86)\Viva Media
2014-10-09 11:06 - 2013-07-11 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-10-08 02:36 - 2012-11-14 21:55 - 00001068 _____ () C:\Users\Public\Desktop\Desktop Assist.lnk
2014-10-07 19:48 - 2014-06-02 13:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-06 02:06 - 2012-07-25 21:26 - 00000218 _____ () C:\windows\win.ini
2014-10-04 19:54 - 2012-08-01 02:06 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-10-04 19:54 - 2012-07-25 23:52 - 00000000 ____D () C:\windows\ShellNew
2014-10-04 19:52 - 2012-11-14 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-04 19:52 - 2012-11-14 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-10-04 19:49 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 15:50

==================== End Of Log ============================

Thank you very much. The computer seems to be running much better.

 

Having a problem attaching file. I will figure it out.

#9 ginnyoneal


Posted 03 November 2014 - 11:21 AM

Here is the attached file you asked for. Thank you again for your help



#10 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:12 AM

Posted 03 November 2014 - 12:48 PM

Hello ginnyoneal,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 ginnyoneal


Posted 05 November 2014 - 10:48 AM

Thank you. Sorry for the delay in my reply. I am in the middle of setting up a website & if I live through the process, I will consider doing so as one of the greatest accomplishments of my life.

 

FRST scan fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by Owner at 2014-11-05 07:29:44 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
EmptyTemp:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
EmptyTemp: => Removed 760 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#12 Jo*


Posted 06 November 2014 - 04:23 AM

Thanks for the fixlog.

 

 

Now we need a fresh log as instructed: 

 

...

FRST / FRST64: run it again.

  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***

 

 




#13 Jo*


Posted 12 November 2014 - 11:52 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#14 ginnyoneal


Posted 15 November 2014 - 09:43 AM

Sorry for the delay in my response. I missed the last message in my email.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Owner (administrator) on GINNY on 15-11-2014 06:35:23
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
() C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
() C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-3700134658-662236065-3368852867-1001\...\Run: [AVG-Secure-Search-Update_1014avt] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe [2774040 2014-09-23] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {A509A8E8-BF15-4C2B-8F72-0099C8FCFBCA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3700134658-662236065-3368852867-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://news.google.com/
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinitylcsearch.xml
FF Extension: ColorfulTabs - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-27]
FF Extension: Facebook Ads Block - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sab514po.default-1394831128093\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-20]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [45056 2012-07-25] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2589496 2014-10-17] (AVG Technologies)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-09-09] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 06:35 - 2014-11-15 06:36 - 00016372 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-11-15 06:35 - 2014-11-15 06:35 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-11-14 01:08 - 2014-11-14 01:08 - 00000000 ____D () C:\Users\Owner\Documents\Receipt
2014-11-14 00:24 - 2014-11-14 00:24 - 00002762 _____ () C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-11-13 21:47 - 2014-11-13 21:47 - 00000000 ____D () C:\Users\Owner\.gimp-2.8
2014-11-13 21:45 - 2014-11-13 21:46 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-11-13 18:18 - 2014-11-13 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeoplePak2
2014-11-13 18:18 - 2014-11-13 18:18 - 00000000 ____D () C:\Program Files (x86)\PeoplePak2
2014-11-13 18:08 - 2014-11-13 18:08 - 00001185 _____ () C:\Users\Public\Desktop\The Logo Creator v6.8.lnk
2014-11-13 18:08 - 2014-11-13 18:08 - 00001185 _____ () C:\ProgramData\Desktop\The Logo Creator v6.8.lnk
2014-11-13 18:08 - 2014-11-13 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Logo Creator v6.8
2014-11-13 15:55 - 2014-11-13 15:55 - 00002089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\@Units_TuneUp_Utilities_2014.lnk
2014-11-13 15:55 - 2014-11-13 15:55 - 00002077 _____ () C:\Users\Public\Desktop\@Units_TuneUp_Utilities_2014.lnk
2014-11-13 15:55 - 2014-11-13 15:55 - 00002077 _____ () C:\ProgramData\Desktop\@Units_TuneUp_Utilities_2014.lnk
2014-11-13 15:55 - 2014-11-13 15:55 - 00002053 _____ () C:\Users\Public\Desktop\@OCM_TuneUp_1_Click.lnk
2014-11-13 15:55 - 2014-11-13 15:55 - 00002053 _____ () C:\ProgramData\Desktop\@OCM_TuneUp_1_Click.lnk
2014-11-13 15:55 - 2014-10-17 12:34 - 00040248 _____ (AVG Technologies) C:\windows\system32\TURegOpt.exe
2014-11-13 15:55 - 2014-10-17 12:34 - 00029496 _____ (AVG Technologies) C:\windows\system32\authuitu.dll
2014-11-13 15:55 - 2014-10-17 12:34 - 00025400 _____ (AVG Technologies) C:\windows\SysWOW64\authuitu.dll
2014-11-13 15:29 - 2014-11-13 15:31 - 00000000 ____D () C:\Program Files (x86)\MSECACHE
2014-11-13 14:46 - 2014-11-15 01:56 - 00465095 _____ () C:\windows\WindowsUpdate.log
2014-11-13 14:08 - 2014-11-13 14:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.laughingbirdsoftware.TLC6
2014-11-13 14:06 - 2014-11-13 18:08 - 00000000 ____D () C:\Program Files (x86)\The Logo Creator v6.8
2014-11-13 07:33 - 2014-11-13 07:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-11-13 07:33 - 2014-11-13 07:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-11-12 06:33 - 2014-11-12 06:33 - 00000000 ____D () C:\ProgramData\Avg_Update_1114avt
2014-11-12 00:23 - 2014-11-12 05:21 - 00000000 ____D () C:\Program Files (x86)\FastStone Image Viewer
2014-11-12 00:23 - 2014-11-12 00:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FastStone
2014-11-12 00:16 - 2014-11-12 00:16 - 00005995 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2014-11-12 00:07 - 2014-11-13 21:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-11-11 23:43 - 2014-11-13 12:59 - 00000000 ____D () C:\Users\Owner\Tracing
2014-11-11 23:28 - 2014-11-11 23:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PhotoScape
2014-11-10 09:50 - 2014-11-10 09:50 - 00000000 ____D () C:\Users\Public\Documents\Sothink
2014-11-10 07:49 - 2014-11-10 07:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 02:22 - 2014-11-10 02:22 - 00001317 _____ () C:\Users\Owner\Desktop\Graphics.lnk
2014-11-10 02:06 - 2014-11-14 03:28 - 00000000 ____D () C:\Users\Owner\Graphics
2014-11-09 22:03 - 2014-11-11 23:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\IrfanView
2014-11-09 21:56 - 2014-11-12 05:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\gtk-2.0
2014-11-09 21:50 - 2014-11-09 21:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\gegl-0.2
2014-11-09 19:27 - 2014-11-15 04:06 - 00000000 ____D () C:\Users\Owner\Documents\SassysCreativeDesigns
2014-11-08 08:54 - 2014-11-08 08:56 - 00000000 ____D () C:\Users\Owner\Documents\bigbuyxml_en_demo
2014-11-07 14:51 - 2014-11-14 03:27 - 00000000 ____D () C:\Users\Owner\My Busin..New Stuff
2014-11-07 12:39 - 2014-11-07 14:34 - 00000000 ____D () C:\windows\pss
2014-11-07 11:59 - 2014-11-07 12:25 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-11-05 15:09 - 2014-11-05 15:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-11-04 12:36 - 2014-11-04 12:36 - 00048925 _____ () C:\Users\Owner\CellPhones_20141104133544.csv
2014-11-04 12:36 - 2014-11-04 12:36 - 00048925 _____ () C:\Users\Owner\CellPhones_2.csv
2014-11-03 10:44 - 2014-11-03 10:44 - 00000000 ____D () C:\Users\Owner\Downloads\TCPView
2014-11-03 10:32 - 2014-11-03 10:32 - 00000000 ____D () C:\Rbackup
2014-11-03 10:30 - 2014-11-03 10:30 - 00000042 _____ () C:\windows\SysWOW64\AK083E209605E394C.lie
2014-11-03 08:43 - 2014-11-03 09:14 - 00000000 ____D () C:\Program Files\TCPView
2014-11-03 07:39 - 2014-11-03 07:39 - 00000000 ____D () C:\windows\ERUNT
2014-11-03 07:35 - 2014-11-03 07:35 - 01706359 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-11-02 13:28 - 2014-11-07 11:31 - 00000000 ____D () C:\AdwCleaner
2014-11-02 13:04 - 2014-11-07 12:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 13:04 - 2014-11-07 12:00 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 13:03 - 2014-11-07 11:59 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-02 13:03 - 2014-11-02 13:26 - 00000000 ____D () C:\Users\Owner\Downloads\mbar
2014-11-02 12:55 - 2014-11-02 12:55 - 01375089 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-11-02 12:54 - 2014-11-02 12:54 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
2014-11-02 10:32 - 2014-11-15 06:35 - 00000000 ____D () C:\FRST
2014-11-01 16:21 - 2014-11-01 16:21 - 00854448 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-11-01 16:19 - 2014-11-15 06:35 - 02116608 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-31 03:22 - 2014-10-31 03:22 - 00178079 _____ () C:\Users\Owner\Downloads\orderstorm-wordpress-e-commerce.0.6.2.1-2013.06.12.zip
2014-10-31 01:41 - 2014-10-31 01:41 - 00176766 _____ () C:\Users\Owner\Downloads\woothemes-updater.zip
2014-10-31 01:40 - 2014-11-13 18:39 - 00832070 _____ () C:\Users\Owner\Downloads\mystile.zip
2014-10-31 00:16 - 2014-10-31 00:16 - 00000000 ____D () C:\Program Files\AutoRun
2014-10-30 22:29 - 2014-10-30 22:33 - 00000000 ____D () C:\Users\Owner\Downloads\backups
2014-10-29 21:35 - 2014-10-29 21:35 - 00263960 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-10-29 13:34 - 2014-11-12 05:22 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-10-28 15:00 - 2014-10-21 19:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-10-28 15:00 - 2014-10-21 19:33 - 00581016 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-10-28 15:00 - 2014-10-21 19:33 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-10-28 15:00 - 2014-10-21 17:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-10-28 15:00 - 2014-10-21 17:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-10-28 15:00 - 2014-10-21 17:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:00 - 2014-10-21 17:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-10-28 05:03 - 2014-11-12 04:18 - 00000000 ____D () C:\Users\Owner\eBooks Opened
2014-10-28 05:03 - 2014-10-28 06:49 - 00000000 ____D () C:\Users\Owner\Software Opened
2014-10-28 04:51 - 2014-11-11 13:19 - 00000000 ____D () C:\Users\Owner\Ready to Send
2014-10-28 03:02 - 2014-11-13 18:39 - 00000000 ____D () C:\Users\Owner\My WooCommerce
2014-10-28 01:52 - 2014-11-04 14:18 - 00010752 ___SH () C:\Users\Owner\Thumbs.db
2014-10-28 00:32 - 2014-11-13 21:13 - 00000544 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014avt.job
2014-10-28 00:32 - 2014-11-13 21:13 - 00000412 _____ () C:\windows\Tasks\AVG_SYS_TASK_1014avt_DELETE.job
2014-10-28 00:32 - 2014-10-31 00:56 - 00002820 _____ () C:\windows\System32\Tasks\AVG_SYS_TASK_1014avt
2014-10-28 00:32 - 2014-10-28 00:32 - 00002894 _____ () C:\windows\System32\Tasks\AVG_SYS_TASK_1014avt_DELETE
2014-10-28 00:32 - 2014-10-28 00:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Avg_Update_1014avt
2014-10-27 23:39 - 2014-10-27 23:40 - 00012800 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2014-10-27 21:04 - 2014-11-12 05:22 - 00000000 ____D () C:\Users\Owner\My Business Software
2014-10-27 21:04 - 2014-11-12 04:19 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Free
2014-10-27 21:03 - 2014-11-13 19:58 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Sell
2014-10-27 20:58 - 2014-11-10 01:21 - 00000000 ____D () C:\Users\Owner\My WordPress_Plug-ins
2014-10-27 20:52 - 2014-11-11 15:47 - 00000000 ____D () C:\Users\Owner\My Busin.. Ebooks-Needs Editing
2014-10-27 20:52 - 2014-10-28 12:58 - 00000000 ____D () C:\Users\Owner\My WordPress Themes
2014-10-27 17:51 - 2014-10-27 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OpenOffice
2014-10-27 17:50 - 2014-10-27 17:50 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-27 17:50 - 2014-10-27 17:50 - 00001112 _____ () C:\ProgramData\Desktop\OpenOffice 4.1.1.lnk
2014-10-27 17:50 - 2014-10-27 17:50 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-27 17:49 - 2014-10-27 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-27 17:48 - 2014-10-27 17:48 - 00000000 ____D () C:\Program Files\OpenOffice
2014-10-27 17:41 - 2014-10-27 17:45 - 140852175 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-10-27 16:56 - 2014-10-27 16:56 - 00000000 ____D () C:\Users\Owner\StartupPro2.5.1Package
2014-10-27 00:04 - 2014-10-28 00:32 - 00000000 ____D () C:\ProgramData\Avg_Update_1014avt
2014-10-26 23:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG
2014-10-26 23:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg
2014-10-26 23:36 - 2014-10-26 23:39 - 00000000 ____D () C:\ProgramData\AVG
2014-10-26 23:34 - 2014-10-26 23:35 - 87520056 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_tuh_stf_all_2015_105_24c4.exe
2014-10-26 22:45 - 2014-10-26 23:10 - 00022863 _____ () C:\windows\diagwrn.xml
2014-10-26 22:45 - 2014-10-26 23:10 - 00022863 _____ () C:\windows\diagerr.xml
2014-10-26 22:19 - 2014-10-26 22:19 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-10-26 22:19 - 2014-10-26 22:19 - 00000000 ____D () C:\windows\system32\vbox
2014-10-26 20:37 - 2014-10-26 20:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-26 20:34 - 2014-10-26 20:34 - 05004328 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-10-26 15:51 - 2014-11-12 05:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-26 15:08 - 2014-10-26 15:08 - 19953976 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-10-25 06:01 - 2014-10-09 20:47 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-25 06:01 - 2014-10-09 20:47 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-25 06:01 - 2014-10-07 20:26 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-25 06:01 - 2014-06-30 14:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-10-25 06:01 - 2014-06-30 14:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-10-25 00:40 - 2014-10-25 00:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-10-25 00:39 - 2014-11-13 07:33 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-25 00:39 - 2014-11-13 07:33 - 00000936 _____ () C:\ProgramData\Desktop\AVG 2015.lnk
2014-10-25 00:39 - 2014-11-13 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-25 00:39 - 2014-10-25 00:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-10-25 00:38 - 2014-10-26 23:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-25 00:38 - 2014-10-25 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-25 00:38 - 2014-10-25 00:38 - 00000000 ___HD () C:\$AVG
2014-10-25 00:34 - 2014-10-25 00:34 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-25 00:28 - 2014-11-15 06:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-25 00:28 - 2014-10-25 00:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-10-25 00:28 - 2014-10-25 00:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-10-24 20:48 - 2014-11-15 06:16 - 00000000 ____D () C:\Users\Owner\Ginny's Personal Use
2014-10-24 20:38 - 2014-11-13 21:08 - 00000000 ____D () C:\Users\Owner\My Busin..NotToShare
2014-10-24 20:36 - 2014-11-09 22:10 - 00000000 ____D () C:\Users\Owner\My Busin.. Mine
2014-10-24 13:50 - 2014-10-28 13:56 - 00000000 ____D () C:\Users\Owner\Downloads\Personal
2014-10-23 14:56 - 2014-11-05 20:38 - 00000000 ___RD () C:\Users\Owner\Creative Cloud Files
2014-10-23 14:54 - 2014-10-23 14:54 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-10-23 14:54 - 2014-10-23 14:54 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-10-23 14:54 - 2014-10-23 14:54 - 00001268 _____ () C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2014-10-23 14:53 - 2014-10-23 14:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-23 14:49 - 2014-10-23 14:49 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\Owner\Downloads\CreativeCloudSet-Up.exe
2014-10-23 01:02 - 2014-10-23 08:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 01:02 - 2014-10-23 08:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\SysWOW64\BestPractices
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\windows\system32\BestPractices
2014-10-22 23:49 - 2014-10-22 23:49 - 00000000 ____D () C:\inetpub
2014-10-22 12:43 - 2014-10-22 12:44 - 00000000 ____D () C:\Program Files\StartupWP
2014-10-21 04:05 - 2014-10-21 04:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\eBookPro6
2014-10-21 01:12 - 2014-11-13 21:07 - 00000000 ____D () C:\Users\Owner\My Busin..Graphics
2014-10-20 20:20 - 2014-10-20 20:23 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-20 20:19 - 2014-10-23 15:11 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002111 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002111 _____ () C:\ProgramData\Desktop\Adobe FormsCentral.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00002020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00001997 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-10-20 20:19 - 2014-10-23 15:11 - 00001997 _____ () C:\ProgramData\Desktop\Adobe Acrobat XI Pro.lnk
2014-10-20 19:44 - 2014-10-20 19:44 - 04579176 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-18 11:09 - 2014-10-18 11:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe_Systems_Incorporate
2014-10-18 10:54 - 2014-10-20 15:42 - 00000000 ____D () C:\Program Files (x86)\PDF Reader 3
2014-10-18 10:54 - 2014-10-18 10:54 - 00075776 _____ () C:\windows\cadkasdeinst01e.exe
2014-10-18 05:13 - 2014-11-03 07:29 - 00450264 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 13:19 - 2014-10-16 13:19 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00002057 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00002057 _____ () C:\ProgramData\Desktop\Mozilla Thunderbird.lnk
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Thunderbird
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Thunderbird
2014-10-16 13:19 - 2014-10-16 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-16 12:09 - 2014-10-29 16:53 - 00713672 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 12:09 - 2014-10-29 16:53 - 00106432 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 06:36 - 2013-07-05 12:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 06:32 - 2013-07-12 19:31 - 00000000 ____D () C:\Users\Owner\Documents\ForKids
2014-11-15 05:00 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2014-11-15 04:42 - 2013-07-12 19:32 - 00000000 ____D () C:\Users\Owner\Documents\Bead & Button Materials List
2014-11-15 04:41 - 2013-07-12 19:34 - 00000000 ____D () C:\Users\Owner\Documents\FLOWER SEEDS
2014-11-15 03:41 - 2014-10-04 19:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-15 01:41 - 2012-07-25 23:28 - 00884342 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-14 04:10 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-11-14 03:26 - 2013-07-03 19:38 - 00000000 ____D () C:\Users\Owner
2014-11-14 03:21 - 2013-08-23 07:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-11-13 18:09 - 2013-07-16 19:21 - 00000000 ____D () C:\windows\system32\MRT
2014-11-13 17:59 - 2013-07-05 02:10 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-13 17:52 - 2013-07-03 20:03 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3700134658-662236065-3368852867-1001
2014-11-13 15:13 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-13 14:22 - 2013-07-12 19:35 - 00000000 ____D () C:\Users\Owner\Documents\Download
2014-11-13 12:44 - 2014-10-10 12:02 - 00000000 ____D () C:\Users\Owner\Ginny SFI Related
2014-11-13 10:37 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-11-12 05:22 - 2012-11-14 21:58 - 00000000 ____D () C:\windows\en
2014-11-12 05:22 - 2012-11-14 21:57 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-12 05:22 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-11-12 05:22 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 05:22 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 05:22 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\setup
2014-11-12 05:22 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-12 05:21 - 2012-11-14 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-11-12 05:20 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\registration
2014-11-11 23:49 - 2013-07-12 11:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-11-11 11:36 - 2013-07-05 12:25 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 09:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-11-10 10:20 - 2013-07-05 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 18:38 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-11-05 23:47 - 2013-04-25 15:36 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3700134658-662236065-3368852867-500
2014-11-05 15:10 - 2013-07-03 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-11-05 09:28 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\rescache
2014-11-05 07:35 - 2014-06-02 13:42 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-05 07:29 - 2012-07-26 00:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-11-03 12:56 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\NDF
2014-11-03 09:34 - 2014-10-04 20:10 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-11-03 09:34 - 2014-10-04 20:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-10-30 23:02 - 2013-07-12 19:36 - 00000000 ____D () C:\Users\Owner\Documents\Manuels
2014-10-29 13:34 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\WinStore
2014-10-28 08:20 - 2013-07-03 19:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-10-26 23:46 - 2014-10-11 10:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-10-26 23:46 - 2014-10-04 19:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-10-26 22:26 - 2013-12-13 00:38 - 00000000 ____D () C:\Users\Owner\Documents\Wondershare DVD Creator
2014-10-26 16:35 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\ias
2014-10-25 04:07 - 2013-07-29 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2014-10-25 04:06 - 2012-11-14 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-25 03:52 - 2013-07-26 16:27 - 00000000 ____D () C:\ProgramData\Big Fish
2014-10-25 03:52 - 2013-07-11 04:40 - 00000000 ____D () C:\BigFishCache
2014-10-25 01:16 - 2014-01-31 06:36 - 00000000 ____D () C:\temp
2014-10-25 00:39 - 2012-07-26 00:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-10-24 12:04 - 2014-09-04 00:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-23 15:09 - 2012-11-14 21:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-23 14:51 - 2014-01-31 05:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-23 08:08 - 2013-07-03 19:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-10-22 23:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\SysWOW64\inetsrv
2014-10-22 23:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\inetsrv
2014-10-21 05:55 - 2014-10-15 12:49 - 00000000 ____D () C:\Users\Owner\Documents\2007 Files
2014-10-21 04:21 - 2012-11-14 21:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-10-21 04:21 - 2012-11-14 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2014-10-18 05:58 - 2014-10-15 13:07 - 00000000 ____D () C:\Users\Owner\Documents\AMAZON Store
2014-10-16 18:01 - 2014-10-15 12:52 - 00000000 ____D () C:\Users\Owner\Documents\RECEIPE'S
2014-10-16 12:05 - 2012-07-26 00:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Owner\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Owner\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Owner\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-10 03:47

==================== End Of Log ============================



#15 ginnyoneal


Posted 15 November 2014 - 09:44 AM

Is it possible for me to uninstall the software I have used to clean up my computer? I do not like a cluttered desktop.





