Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by SHARON (administrator) on TOMMYTUCKER on 16-05-2015 16:15:43 Running from C:\Users\SHARON\Desktop Loaded Profiles: SHARON & tracy_000 (Available profiles: SHARON & tracy_000) Platform: Windows 8.1 (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () C:\Users\SHARON\AppData\Local\StormWatch\StormWatchApp.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (www.BitComet.com) C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com) C:\Program Files (x86)\BitComet\tools\BitCometService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\K-Lite Codec Pack\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3480854019-250065186-1690203289-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3480854019-250065186-1690203289-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3480854019-250065186-1690203289-1001\...\MountPoints2: {174740f4-56d0-11e3-bea6-2016d839e01b} - "D:\LaunchU3.exe" -a HKU\S-1-5-21-3480854019-250065186-1690203289-1003\...\MountPoints2: {174740f4-56d0-11e3-bea6-2016d839e01b} - "D:\LaunchU3.exe" -a HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries) AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-03-12] ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () Startup: C:\Users\SHARON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-11-25] ShortcutTarget: StormWatchApp.lnk -> C:\Users\SHARON\AppData\Local\StormWatch\StormWatchApp.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3480854019-250065186-1690203289-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/ HKU\S-1-5-21-3480854019-250065186-1690203289-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com HKU\S-1-5-21-3480854019-250065186-1690203289-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=66152016D83995BB&affID=119982&tsp=5038 HKU\S-1-5-21-3480854019-250065186-1690203289-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com HKU\S-1-5-21-3480854019-250065186-1690203289-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-3480854019-250065186-1690203289-1001 -> DefaultScope {6F5548DC-956A-4BE7-AF90-DAD9CF264BDB} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_48_ch&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByEtByD0F0C0EyBzzzyyBtN0D0Tzu0StCtDyDzytN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0EyCyE0E0D0DzytG0B0A0DtDtGyC0B0BtCtGyCyCzztAtGtDzzyBtCtCyEyE0FtB0EyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztByCyD0AyDtC0AtG0EyCyE0CtGyE0A0FtDtGzz0A0D0CtGyByEzy0ByE0B0E0CyC0E0C0C2Q&cr=1005845444&ir= SearchScopes: HKU\S-1-5-21-3480854019-250065186-1690203289-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-3480854019-250065186-1690203289-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-3480854019-250065186-1690203289-1001 -> {6F5548DC-956A-4BE7-AF90-DAD9CF264BDB} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_48_ch&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByEtByD0F0C0EyBzzzyyBtN0D0Tzu0StCtDyDzytN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0EyCyE0E0D0DzytG0B0A0DtDtGyC0B0BtCtGyCyCzztAtGtDzzyBtCtCyEyE0FtB0EyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztByCyD0AyDtC0AtG0EyCyE0CtGyE0A0FtDtGzz0A0D0CtGyByEzy0ByE0B0E0CyC0E0C0C2Q&cr=1005845444&ir= SearchScopes: HKU\S-1-5-21-3480854019-250065186-1690203289-1001 -> {756E3821-B2F6-4EFE-9B85-81F4BDBA19D4} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll No File Toolbar: HKU\S-1-5-21-3480854019-250065186-1690203289-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG) FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2061 -> C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll [2004-11-25] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1059 -> C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll [2004-11-25] (RealNetworks, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HKU\S-1-5-21-3480854019-250065186-1690203289-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\SHARON\AppData\Roaming\BabSolution\CR\Delta.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.) R3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1578128 2012-12-05] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) S3 Tosrfcom; No ImagePath S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-16 16:15 - 2015-05-16 16:15 - 00017164 _____ () C:\Users\SHARON\Desktop\FRST.txt 2015-05-16 15:58 - 2015-05-16 15:58 - 02107392 _____ (Farbar) C:\Users\SHARON\Desktop\FRST64.exe 2015-05-16 15:55 - 2015-05-16 15:57 - 02107392 _____ (Farbar) C:\Users\SHARON\Downloads\FRST64.exe 2015-05-16 15:44 - 2015-05-16 16:15 - 00000000 ____D () C:\FRST 2015-05-13 02:38 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 02:38 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 21:41 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-05-12 21:41 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-12 21:41 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-05-12 21:41 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-05-12 21:40 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-05-12 21:40 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-05-12 21:40 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-05-12 21:40 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-05-12 21:40 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-05-12 21:40 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-05-12 21:40 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-05-12 21:40 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-05-12 21:40 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-05-12 21:40 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-12 21:40 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-12 21:40 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-12 21:40 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-05-12 21:40 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-05-12 21:40 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-05-12 21:40 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-05-12 21:40 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-12 21:40 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-05-12 21:40 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-05-12 21:40 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-05-12 21:40 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-05-12 21:40 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-12 21:40 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-05-12 21:40 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-05-12 21:40 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-05-12 21:40 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-12 21:40 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-12 21:40 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-12 21:40 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-12 21:40 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-12 21:40 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-12 21:40 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-05-12 21:40 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-12 21:40 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-12 21:40 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-12 21:40 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-12 21:40 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-05-12 21:40 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-05-12 21:40 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-05-12 21:40 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-12 21:40 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-05-12 21:40 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-05-12 21:40 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-12 21:40 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-12 21:40 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-12 21:40 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-05-12 21:40 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-05-12 21:40 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-05-12 21:40 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-05-12 21:40 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-05-12 21:40 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-05-12 21:40 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-05-12 21:40 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-05-12 21:40 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-05-12 21:40 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-05-12 21:40 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-05-12 21:40 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-05-12 21:40 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-12 21:40 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-05-12 21:40 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-05-12 21:40 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-12 21:40 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-05-12 21:40 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-05-12 21:40 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-05-12 21:39 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-12 21:39 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-12 21:39 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-12 21:39 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-05-12 21:39 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-05-12 21:39 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-05-12 21:39 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-05-12 21:39 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-05-12 21:39 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-05-06 11:54 - 2015-05-06 11:58 - 00000000 ____D () C:\Users\SHARON\Desktop\Harry Potter 2015-05-02 15:32 - 2015-05-02 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-04-18 18:53 - 2015-05-15 22:18 - 00000000 ____D () C:\Users\SHARON\Desktop\24 Season 1, 2, 3, 4, 5, 6, 7, & 8 Deluxe DVD Boxset in HD + Extras (Extra Episode, Deleted Scenes etc) 2015-04-16 16:54 - 2015-04-16 16:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-16 16:37 - 2015-04-16 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-04-16 16:36 - 2015-04-16 16:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-04-16 16:36 - 2015-04-16 16:37 - 00000000 ____D () C:\Program Files\iTunes 2015-04-16 16:36 - 2015-04-16 16:36 - 00000000 ____D () C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-16 16:15 - 2013-09-30 16:52 - 00000000 ____D () C:\Users\SHARON\AppData\Roaming\BitComet 2015-05-16 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-16 15:52 - 2013-11-25 22:13 - 01186878 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-16 15:38 - 2013-03-05 20:18 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3480854019-250065186-1690203289-1001 2015-05-16 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-16 15:24 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-16 15:23 - 2013-09-30 05:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-16 15:22 - 2013-11-25 23:16 - 00000000 ___DO () C:\Users\SHARON\SkyDrive 2015-05-16 13:10 - 2013-03-07 14:16 - 00000000 ____D () C:\ProgramData\MFAData 2015-05-16 13:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-05-15 20:24 - 2013-08-22 15:46 - 00342141 _____ () C:\WINDOWS\setupact.log 2015-05-15 15:49 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-14 13:58 - 2014-08-29 18:31 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar 2015-05-14 13:51 - 2014-01-10 13:48 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-14 13:13 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-14 13:12 - 2014-01-10 13:49 - 00000000 ____D () C:\Program Files\Google 2015-05-14 13:12 - 2013-09-29 21:03 - 00140438 _____ () C:\WINDOWS\PFRO.log 2015-05-14 13:10 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-14 13:07 - 2014-08-29 18:31 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar 2015-05-14 13:05 - 2014-01-10 13:48 - 00000000 ____D () C:\Users\SHARON\AppData\Local\Google 2015-05-13 17:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2015-05-13 03:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-05-13 02:39 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-13 02:38 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-05-12 23:45 - 2013-08-22 15:44 - 00481120 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-12 23:40 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-12 23:39 - 2013-03-06 15:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-12 23:38 - 2013-07-28 13:51 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-05-12 23:33 - 2013-03-19 11:59 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-05-12 21:51 - 2014-04-26 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-05-12 21:51 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-05-12 21:38 - 2014-01-10 13:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-05 18:59 - 2014-12-19 12:45 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-05-05 18:59 - 2014-12-19 12:45 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-05 13:23 - 2014-11-25 15:55 - 00000000 ____D () C:\Users\SHARON\AppData\Local\StormWatch 2015-04-16 17:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-16 16:54 - 2015-03-07 17:36 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-16 16:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2015-04-16 16:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2015-04-16 16:53 - 2013-11-25 21:55 - 00000000 ____D () C:\Users\SHARON 2015-04-16 16:36 - 2014-10-26 17:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-04-16 16:36 - 2013-10-01 16:17 - 00000000 ____D () C:\Program Files\Common Files\Apple Some content of TEMP: ==================== C:\Users\SHARON\AppData\Local\Temp\UNINSTALL.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-14 13:29 ==================== End Of Log ============================