[pystryker]

Did you reboot the machine after the fix? If not, please reboot and let me know if they are still there. If so, please take a screenshot and post it so I can take a look at it.

[Advertisements]

Scratch that, it seems to have helped. Even without a restart.

Things seem back to usual at the moment. But was that all of it?

I also got old timer to finish.

Edited by gmcube, 02 March 2014 - 11:15 PM.

[gmcube]

Scratch that, it seems to have helped. Even without a restart.

Things seem back to usual at the moment. But was that all of it?

I also got old timer to finish.

Edited by gmcube, 02 March 2014 - 11:15 PM.

[pystryker]

Scratch that, it seems to have helped. Even without a restart.

Things seem back to usual at the moment. But was that all of it?

Good to hear

I believe we've killed the active infections, but there is more to do, so let's take a look for remnants.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes' Anti-Malware from Here.

• Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
• Proceed through the setup
  
  • Choose your language
  • Accept the License Agreement
  • Select Destination Location
  • Select Start Menu Folder
  • Select Addtional Tasks
  • Click Install
  • In the Completeing the Malwarebytes Anti-Malware Setup Wizard Window
    
    • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
    • Keep the check mark beside Update Malwarebytes' Anti-Malware
    • Keep the check mark beside Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick Scan
• Click Scan. The scan may take some time to finish,so please be patient.
  
  
  
• When the scan is complete, click OK, then Show Results to view the results.
  
  
  
• Make sure that everything is checked, and click Remove Selected.
  
  
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and Paste the entire report in your next reply.

Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked.
  
• Make sure that the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
  
• Now click on Start
  
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically. The scan may take several hours.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• Now click on Finish
  
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

• ESET Scan Log
  
• MBAM Log
  
• SecurityCheck Log

[gmcube]

I accidentally installed the trial, but I doubt that matters.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Tonya :: TONYA-PC [administrator]

Protection: Disabled

3/3/2014 12:44:36 AM
mbam-log-2014-03-03 (00-44-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218859
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Tonya\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (Adware.ArcadeWeb) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\Tonya\Downloads\CalculatorSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Tonya\Downloads\iMeshSetup-r393-n-bf.exe (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Tonya\Downloads\setup.exe (PUP.Optional.Bundlore) -> Quarantined and deleted successfully.
C:\Users\Tonya\Downloads\VideosSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Tonya\Downloads\WalmartForm(1).zip (Trojan.Email.FakeDoc) -> Quarantined and deleted successfully.
C:\Users\Tonya\Downloads\WalmartForm.zip (Trojan.Email.FakeDoc) -> Quarantined and deleted successfully.
C:\Users\Tonya\Downloads\ZipOpenerSetup.exe (PUP.Optional.FriedCookie) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 1686658791.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 4062085556.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

(end)








ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a15cc1f4d0b03a418fdb31fac18a81a6
# engine=17289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-03 09:05:57
# local_time=2014-03-03 04:05:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 0 80028341 0 0
# compatibility_mode=5893 16776574 100 94 19355320 145381007 0 0
# scanned=223150
# found=19
# cleaned=0
# scan_time=8800
sh=CA248F6B8BAB3D74DF178518F23AACBFFE96C0FF ft=1 fh=ff147e3ab0aab30a vn="Win32/TrojanDownloader.Zortob.F trojan" ac=I fn="C:\FRST\Quarantine\fbtdmgtk.exe02-03-2014_17-33-37"
sh=BDCDE0039CC1843FC092456A34C2C67F06F4F6C4 ft=1 fh=aa79b23cba164300 vn="Win32/Injector.AYUU trojan" ac=I fn="C:\FRST\Quarantine\icppaxrj.exe02-03-2014_17-33-43"
sh=BDCDE0039CC1843FC092456A34C2C67F06F4F6C4 ft=1 fh=aa79b23cba164300 vn="Win32/Injector.AYUU trojan" ac=I fn="C:\FRST\Quarantine\incjxaph.exe02-03-2014_17-33-45"
sh=38F70B055DA68396D8D7BF3F0DDB45B0D1E40F2D ft=1 fh=8796bfdd1863d02d vn="a variant of Win32/Injector.AYES trojan" ac=I fn="C:\FRST\Quarantine\kjudtmpn.exe02-03-2014_17-33-47"
sh=7AE6AF194181409CE3BAAC29AC87ACCCF96356F1 ft=1 fh=f42213fdedce7160 vn="a variant of Win32/Wajam.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\Video_Converter_TSV2382ZX.exe02-03-2014_17-33-50"
sh=18F5DBBEEC487515314106A13B6FACB16FB27E4C ft=1 fh=ff147e3afb8fd20c vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\FRST\Quarantine\xgmuxkgb.exe02-03-2014_17-33-39"
sh=8751D16071C4E65C93D9F9631BD788BFD9C36644 ft=1 fh=c70610e421d5bbdf vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\RadioRage_4j02-03-2014_17-33-32\bar\1.bin\4jbar.dll"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\RadioRage_4j02-03-2014_17-33-32\bar\1.bin\4jbrmon.exe"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\RadioRage_4j02-03-2014_17-33-32\bar\1.bin\AppIntegratorStub64.dll"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\RadioRage_4j02-03-2014_17-33-32\bar\1.bin\Hpg64.dll"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tonya\Downloads\ccsetup410.exe"
sh=D6017D77664585F90D404A444351996AB953C11F ft=1 fh=a8042a05c167d9b1 vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\Tonya\Downloads\CouponAlert.exe"
sh=B794727FD00DE9D98B8DBD000D0D8D522E6BC314 ft=1 fh=37df74da43563a86 vn="Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\Tonya\Downloads\MyFunCards(2).exe"
sh=B794727FD00DE9D98B8DBD000D0D8D522E6BC314 ft=1 fh=37df74da43563a86 vn="Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\Tonya\Downloads\MyFunCards.exe"
sh=39EC0A716440469F45F25447DD6D2961AD3FE45B ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BVUB trojan" ac=I fn="C:\Users\Tonya\Downloads\Record_Milford_(302)4587378.zip"
sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tonya\Downloads\Shockwave_Installer_Slim.exe"
sh=C5DDCD82C8258716E8C81A5CF34B9843DAA66A62 ft=1 fh=d361263e103ce75a vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\Tonya\Downloads\Webfetti.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"




Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 1.99.1
AVG PC TuneUp 2014 (en-US)
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.117
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

[pystryker]

Alright, looking good Let's clear the remnants away.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

FRST Fix

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
C:\Users\Tonya\Downloads\ccsetup410.exe
C:\Users\Tonya\Downloads\CouponAlert.exe
C:\Users\Tonya\Downloads\MyFunCards(2).exe
C:\Users\Tonya\Downloads\MyFunCards.exe
C:\Users\Tonya\Downloads\Record_Milford_(302)4587378.zip
C:\Users\Tonya\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Tonya\Downloads\Webfetti.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

[gmcube]

Sorry for the delay, she had to use it for school stuff.

Here's the fix log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by Tonya at 2014-03-04 02:19:28 Run:4
Running from C:\Users\Tonya\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Tonya\Downloads\ccsetup410.exe
C:\Users\Tonya\Downloads\CouponAlert.exe
C:\Users\Tonya\Downloads\MyFunCards(2).exe
C:\Users\Tonya\Downloads\MyFunCards.exe
C:\Users\Tonya\Downloads\Record_Milford_(302)4587378.zip
C:\Users\Tonya\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Tonya\Downloads\Webfetti.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
End
*****************

C:\Users\Tonya\Downloads\ccsetup410.exe => Moved successfully.
C:\Users\Tonya\Downloads\CouponAlert.exe => Moved successfully.
C:\Users\Tonya\Downloads\MyFunCards(2).exe => Moved successfully.
C:\Users\Tonya\Downloads\MyFunCards.exe => Moved successfully.
C:\Users\Tonya\Downloads\Record_Milford_(302)4587378.zip => Moved successfully.
C:\Users\Tonya\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.
C:\Users\Tonya\Downloads\Webfetti.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.

==== End of Fixlog ====

[pystryker]

Sorry for the delay, she had to use it for school stuff.

No worries, the fixlog looks good, which brings me to my next point:

Great news, your logs are CLEAN! I see no signs of infection in the last logs you posted, but we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
  
• We also have some programs on your machine that need updating to help protect you in the future.
  
• I also have some tips and information for you and a program to help protect your machine against a new ransomware infection called CryptoLocker

Step 1: Tool Removal and Creation of a Clean Restore Point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  
  • Create registry backup
  • Purge system restore
  
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

• You can uninstall ESET Online Scanner at this time.
  
• I'd keep TFC on the machine and run it about once a week to clear out the temp files on the machine.
  
• I'd recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds PUP's (potentially unwanted programs) those can be deleted. If it finds something more serious such as a trojan, come see us so we can check your machine out.

Step 2: Program Updates and FileHippo Installation


Your anti-virus program is out of date. Please follow this link to update to the latest version: http://free.avg.com/us-en/homepage

Adobe Flash Player needs updating as well. Please click the link to update it. Note: Make sure you uncheck the box so as not to install McAfee. http://get.adobe.com.../?promoid=JZEFT

Don't forget to re-enable SpyBot's Tea Timer.

Java is also out of date, but I have some information for you about Java that needs to be read first.


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.

• Click on this link Java Website and click Do I Have Java?
  
• Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

• Unzip the files to the directory of your choice.
  
• Double click the JavaRa icon in the directory and choose your language preference.
  
• Click Remove Older Versions from the menu.
  
• Click Yes.
  
• If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  
• JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and protection against CryptoLocker

• Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  
• Be careful of the websites you visit.
  
• When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.
  
• To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.





Are there any further issues I can assist you with?

[gmcube]

Thanks for the help.


I've only had a little time with the laptop lately. I did the the Delfix step, don't have the log at the moment.

She tells me she's been getting emails in the past couple days from various sites about accounts being compromised or something to that effect. One claimed to be from Comcast, another from Microsoft. Another from pintrest. They looked legit to me but who knows. I guess some stuff snuck in when I had the firewall down? The timing would make sense. I also noticed a pop up ad on this site, it looked out of place to me. I didn't think geeks2go advertised like this. could that be worth looking into? It was covering one of the scroll bars.

Edited by gmcube, 06 March 2014 - 04:28 AM.

[pystryker]

Thanks for the help.


I've only had a little time with the laptop lately. I did the the Delfix step, don't have the log at the moment.

She tells me she's been getting emails in the past couple days from various sites about accounts being compromised or something to that effect. One claimed to be from Comcast, another from Microsoft. Another from pintrest. They looked legit to me but who knows. I guess some stuff snuck in when I had the firewall down? The timing would make sense. I also noticed a pop up ad on this site, it looked out of place to me. I didn't think geeks2go advertised like this. could that be worth looking into? It was covering one of the scroll bars.

You are very much welcome, it's out pleasure. When you can, please post that log. I like being a tidy worker, and don't want to leave anything behind.

To be on the safe side, I would change passwords and user names. You can call them, don't reply to the email they sent in case it's not legitimate and let them know that your machine had a malware infection, but has been cleaned now. Also, we've reset the firewall as well As for the ads, I think we have a some here, but I'm not positive of that. I'll check though.

Is there anything else I can assist you with?

[gmcube]

Here's the delfix log.

# DelFix v10.6 - Logfile created 05/03/2014 at 20:46:31
# Updated 11/11/2013 by Xplode
# Username : Tonya - TONYA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.2.8.16.0_02.03.2014_20.16.44_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_02.03.2014_20.24.38_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_02.03.2014_20.27.40_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_02.03.2014_20.37.31_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_02.03.2014_21.48.57_log.txt
Deleted : C:\TDSSKiller.3.0.0.25_02.03.2014_21.50.05_log.txt
Deleted : C:\TDSSKiller.3.0.0.25_02.03.2014_21.53.21_log.txt
Deleted : C:\Users\Tonya\Desktop\Addition.txt
Deleted : C:\Users\Tonya\Desktop\adwcleaner.exe
Deleted : C:\Users\Tonya\Desktop\Fixlog.txt
Deleted : C:\Users\Tonya\Desktop\FRST.txt
Deleted : C:\Users\Tonya\Desktop\FRST64.exe
Deleted : C:\Users\Tonya\Desktop\JRT.exe
Deleted : C:\Users\Tonya\Desktop\hijackthis.log
Deleted : C:\Users\Tonya\Desktop\SecurityCheck.exe
Deleted : C:\Users\Tonya\Desktop\securitycheck.exe.htm
Deleted : C:\Users\Tonya\Desktop\TDSSKiller.exe
Deleted : C:\Users\Tonya\Desktop\TFC.exe
Deleted : C:\Users\Tonya\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Tonya\Downloads\Extras.Txt
Deleted : C:\Users\Tonya\Downloads\FRST64 (1).exe
Deleted : C:\Users\Tonya\Downloads\hijackthis_sfx.exe
Deleted : C:\Users\Tonya\Downloads\OTL.Txt
Deleted : C:\Users\Tonya\Downloads\OTL.exe
Deleted : C:\Users\Tonya\Downloads\tdsskiller.zip
Deleted : C:\Users\Tonya\Downloads\TFC (1).exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #230 [Removed Skype Click to Call | 02/24/2014 07:25:19]
Deleted : RP #231 [Windows Update | 02/26/2014 08:00:11]
Deleted : RP #233 [Installed AVG PC TuneUp 2014 | 03/01/2014 10:09:50]
Deleted : RP #234 [Removed AVG PC TuneUp 2014 (en-US) | 03/01/2014 10:16:46]
Deleted : RP #235 [Removed Google Earth. | 03/03/2014 03:22:27]
Deleted : RP #236 [Removed Skype™ 6.0 | 03/03/2014 03:56:39]
Deleted : RP #237 [Windows Update | 03/03/2014 10:18:12]

New restore point created !

########## - EOF - ##########



I also noticed I have something called savings bull I'm in the process of trying to remove. The uninstaller doesn't seem to do anything.

[pystryker]

I also noticed I have something called savings bull I'm in the process of trying to remove. The uninstaller doesn't seem to do anything.

It sounds like some adware has found it's way into the machine. Let's take a fresh look with FRST and see what's going on.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please copy and paste log back here.
  
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[gmcube]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-03-2014
Ran by Tonya at 2014-03-06 21:25:25
Running from C:\Users\Tonya\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CaddieSync Express 1.4.3 (HKLM-x32\...\CaddieSync Express) (Version: 1.4.3 - SkyHawke Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5848A26C-E4BC-4A13-AA8D-810BA344475A}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Praxis 1.0 (HKLM-x32\...\Praxis) (Version: 1.0 - McGraw-Hill)
Praxis Elementary Ed 0014-5014 (HKLM-x32\...\{3D92143C-971D-45A3-B9C8-B2F9FBF7AE2E}) (Version: 2.1.0 - REA, Inc. )
PrintMaster Platinum 18 (HKLM-x32\...\{EBD9A954-6C1A-4E9F-A098-C98653035381}) (Version: 18.00.0000 - Broderbund Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - Sakar)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

06-03-2014 01:47:10 End of disinfection
07-03-2014 01:39:43 Installed AVG 2014
07-03-2014 01:41:19 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1204A2EF-BBB3-4E8F-AB12-600D734E348E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {1940E64E-3F22-4795-81FB-1A33E0A7C957} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {1EC4450C-B678-4845-B5F1-46AAC1CD11E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {34F441B8-3F7A-40A7-8CD7-BC5B426489C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {37C98D75-9C9D-4D82-991C-26672332A067} - System32\Tasks\Norton Security Scan for Tonya => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
Task: {4DEE0D76-6E12-4733-A145-575C68BE1775} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {5EA2B762-D5DA-4495-A4C7-2A090B636CAE} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {6E14CDFF-AC6D-449D-B9CF-BFEC5DBD6FEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {8A5B8930-B87C-4694-A9BA-5E59479AF26E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {8ABEF781-5A61-4141-987D-C2580D9E9012} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {93ADF068-877A-46EF-8ACA-DA85D2C1C236} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F6B869D-9872-4A2D-B27D-E65BBE70648F} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Task: {B6ECE09F-1C16-4486-8C27-D6A3F3A73769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2014-01-28] (Hewlett-Packard)
Task: {BAE65520-7F63-4FAC-A9C3-B246A5BE9BF9} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {BB78E370-B832-40E2-8449-6144608CF4C2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{A972EA46-59C7-41EE-8DE2-DABBE96373B2}.exe
Task: {BE7FBE83-B74E-4CD6-BC42-AB2D9D96B0D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {BF1301FC-CACC-469B-8D98-69D233B68CF4} - System32\Tasks\HPCeeScheduleForTonya => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {E11C96E4-5754-4C95-A9A7-DB4D998C16A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA => C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
Task: {E17BE537-A579-46D6-91B8-9E6E793A1746} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{811C1E3D-D79D-43AA-9B83-F85E3F6758A5}.exe
Task: {E712C161-A4C5-495E-81B5-C3E50EF5CCC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-28] (Microsoft)
Task: {EE8E9F6C-C058-4831-B3FF-0DA994108C9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {F9C407B2-E0DE-4F21-8506-B324AE681339} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core => C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A972EA46-59C7-41EE-8DE2-DABBE96373B2}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{811C1E3D-D79D-43AA-9B83-F85E3F6758A5}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core.job => C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA.job => C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTonya.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-29 21:00 - 2010-06-29 21:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2014-01-27 15:45 - 2014-01-27 15:45 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2010-06-18 18:26 - 2010-06-18 18:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-03 04:38 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2014-03-03 04:38 - 2014-02-28 18:29 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-02-01 04:11 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-01 04:11 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-01 04:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-01 04:11 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-01 04:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-10-22 14:37 - 2012-10-22 14:37 - 00166296 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll
2009-01-10 05:32 - 2009-01-10 05:32 - 00011362 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll
2009-06-22 13:42 - 2009-06-22 13:42 - 00043008 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
2010-09-23 09:52 - 2010-09-23 09:52 - 02537472 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtCore4.dll
2010-09-12 21:16 - 2010-09-12 21:16 - 02173952 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScript4.dll
2010-09-13 00:12 - 2010-09-13 00:12 - 00744448 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScriptTools4.dll
2010-09-12 20:30 - 2010-09-12 20:30 - 09814016 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtGui4.dll
2010-09-12 19:51 - 2010-09-12 19:51 - 00399360 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtXml4.dll
2012-10-22 14:32 - 2012-10-22 14:32 - 00107008 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll
2012-10-22 14:32 - 2012-10-22 14:32 - 00591360 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll
2010-09-12 19:55 - 2010-09-12 19:55 - 01140224 _____ () C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtNetwork4.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 00051016 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 00716616 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 00100168 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 04061000 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 00394568 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 01647432 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-04 11:06 - 2014-03-01 21:35 - 13632840 _____ () C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37115442.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40737802.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44562865.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37115442.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40737802.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44562865.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2014 08:45:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgwdsvc.exe, version: 14.0.0.4204, time stamp: 0x5240cfb0
Faulting module name: avgqconvertx.dll, version: 14.0.0.4206, time stamp: 0x524a0d17
Exception code: 0xc0000005
Fault offset: 0x0002f617
Faulting process id: 0x16ac
Faulting application start time: 0xavgwdsvc.exe0
Faulting application path: avgwdsvc.exe1
Faulting module path: avgwdsvc.exe2
Report Id: avgwdsvc.exe3

Error: (03/06/2014 02:26:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7753

Error: (03/06/2014 02:26:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7753

Error: (03/06/2014 02:26:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/06/2014 02:26:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6598

Error: (03/06/2014 02:26:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6598

Error: (03/06/2014 02:26:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/06/2014 02:26:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5506

Error: (03/06/2014 02:26:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5506

Error: (03/06/2014 02:26:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/06/2014 09:02:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/06/2014 09:02:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/06/2014 09:01:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/06/2014 09:01:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/06/2014 08:59:17 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (03/06/2014 08:59:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (03/06/2014 08:58:48 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (03/06/2014 08:55:46 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (03/06/2014 08:55:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (03/06/2014 08:55:16 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/24/2014 01:06:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 171186 seconds with 480 seconds of active time. This session ended with a crash.

Error: (01/30/2013 11:53:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 99408 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3002.93 MB
Available physical RAM: 1292.07 MB
Total Pagefile: 6004.03 MB
Available Pagefile: 3822.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:216.46 GB) (Free:156.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.12 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 92636A50)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Tonya (administrator) on TONYA-PC on 06-03-2014 21:22:12
Running from C:\Users\Tonya\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SkyHawke) C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CaddieSyncConduit] - C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2379160 2012-10-22] (SkyHawke)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Google Update] - C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-27] (Google Inc.)
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [EPSON Stylus Photo R220 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Ewkemygayflyra] - C:\Users\Tonya\AppData\Roaming\Foyrmulo\xihepo.exe
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\MountPoints2: {8f918ca0-64b3-11e2-ad90-60eb692c3b3a} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...GaTHU-UWyKNa8Vc,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0781AD49-04B2-40C3-882C-BD396CAB1B2A} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {F4E8AB23-E333-43F2-BDAA-55F4184B1EFF} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default
FF user.js: detected! => C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\user.js
FF Homepage: hxxp://xfinity.comcast.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-05]
FF Extension: Greasemonkey - C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-08-23]

Chrome:
=======
CHR HomePage: hxxp://xfinity.comcast.net/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Google Update) - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-26]
CHR Extension: (Poppit) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-26]
CHR Extension: (Google Wallet) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 Update PlurPush; "C:\Program Files (x86)\PlurPush\updatePlurPush.exe" [X]
S2 Util PlurPush; "C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 21:22 - 2014-03-06 21:23 - 00024083 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-03-06 21:21 - 2014-03-06 21:22 - 00000000 ____D () C:\FRST
2014-03-06 21:21 - 2014-03-06 21:21 - 02156544 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2014-03-06 21:20 - 2014-03-06 21:20 - 01145344 _____ (Farbar) C:\Users\Tonya\Downloads\FRST.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-06 20:47 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\AVG2014
2014-03-06 20:43 - 2014-03-06 20:43 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-06 20:41 - 2014-03-06 20:46 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-06 20:37 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Avg2014
2014-03-06 20:36 - 2014-03-06 20:36 - 04462384 _____ (AVG Technologies) C:\Users\Tonya\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-05 20:46 - 2014-03-05 20:47 - 00002555 _____ () C:\DelFix.txt
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 05:13 - 2014-03-03 05:13 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Roxio Log Files
2014-03-03 04:48 - 2014-03-03 04:48 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-03 04:38 - 2014-03-06 20:56 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:38 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-03-03 04:37 - 2014-03-06 21:16 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-03 04:37 - 2014-03-05 20:53 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-03 04:37 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-03 04:37 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-03 04:35 - 2014-03-03 04:35 - 00108072 _____ () C:\Users\Tonya\Downloads\Adobe_Flash.exe
2014-03-03 01:28 - 2014-03-03 01:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 00:43 - 2014-03-03 00:43 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 00:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Malwarebytes
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 00:28 - 2014-03-03 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-02 21:49 - 2014-03-02 21:49 - 00000000 ____D () C:\Users\Tonya\Downloads\tdsskiller
2014-03-02 21:27 - 2014-03-05 20:46 - 00000000 ____D () C:\Windows\ERUNT
2014-03-02 03:54 - 2014-03-02 03:54 - 00652144 _____ (www.file.net) C:\Users\Tonya\Downloads\top100files.exe
2014-03-01 05:09 - 2014-03-01 05:09 - 00000000 ____D () C:\ProgramData\AVG
2014-03-01 05:05 - 2014-03-01 05:05 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 04:56 - 2014-03-01 05:03 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28(1).exe
2014-03-01 04:56 - 2014-03-01 05:01 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-03-01 02:57 - 2014-03-06 21:15 - 00272840 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 02:51 - 2014-03-06 20:53 - 00001064 _____ () C:\Windows\setupact.log
2014-03-01 02:51 - 2014-03-01 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 02:50 - 2014-03-06 20:52 - 00021476 _____ () C:\Windows\PFRO.log
2014-02-28 21:51 - 2014-02-28 21:51 - 00015508 _____ () C:\Users\Tonya\Desktop\cc_20140228_215122.reg
2014-02-28 21:32 - 2014-03-01 00:52 - 00021376 _____ () C:\Users\Tonya\Desktop\avgrep.txt
2014-02-28 21:21 - 2014-02-28 21:54 - 00000000 ____D () C:\Windows\pss
2014-02-26 03:09 - 2014-03-04 13:53 - 00077628 _____ () C:\Users\Tonya\Documents\EDU 403 CM.pptx
2014-02-26 01:56 - 2014-02-26 01:56 - 00000000 _____ () C:\Users\Tonya\AppData\Roaming\SharedSettings.ccs
2014-02-23 23:25 - 2014-02-23 23:25 - 00001120 _____ () C:\Users\Tonya\Desktop\Continue Zip Opener Installation.lnk
2014-02-15 21:22 - 2014-02-15 21:22 - 00020875 _____ () C:\Users\Tonya\Downloads\chapter overview.zip
2014-02-15 01:22 - 2014-02-15 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 06:50 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 06:50 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 06:46 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 06:46 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 06:46 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 06:46 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 06:46 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 06:46 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 06:46 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 06:46 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 06:46 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 06:46 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 06:46 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 06:46 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 06:46 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 06:46 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 06:46 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 06:46 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 06:46 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 06:46 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 06:46 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 06:46 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 06:46 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 06:46 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 06:46 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 06:46 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 06:46 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 06:46 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 06:46 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 06:46 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 06:46 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 06:46 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 06:46 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 06:46 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 06:46 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 06:46 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 06:46 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 06:46 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 06:46 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 06:46 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 06:46 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:45 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:45 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:45 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:45 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:45 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:45 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:45 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:45 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:45 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:45 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:45 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:44 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:44 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:44 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:44 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-09 22:17 - 2014-03-06 20:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 22:17 - 2014-03-06 20:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 22:17 - 2014-03-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 22:17 - 2014-02-13 20:24 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-09 22:17 - 2014-02-13 20:24 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 22:16 - 2014-02-09 22:16 - 00847312 _____ (Google Inc.) C:\Users\Tonya\Downloads\GoogleEarthSetup.exe

==================== One Month Modified Files and Folders =======

2014-03-06 21:23 - 2014-03-06 21:22 - 00024083 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-03-06 21:22 - 2014-03-06 21:21 - 00000000 ____D () C:\FRST
2014-03-06 21:21 - 2014-03-06 21:21 - 02156544 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2014-03-06 21:20 - 2014-03-06 21:20 - 01145344 _____ (Farbar) C:\Users\Tonya\Downloads\FRST.exe
2014-03-06 21:16 - 2014-03-03 04:37 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-06 21:15 - 2014-03-01 02:57 - 00272840 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 21:10 - 2010-11-28 04:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-06 21:09 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 21:08 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 20:56 - 2014-03-03 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-06 20:54 - 2014-02-09 22:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 20:54 - 2013-06-07 14:17 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-03-06 20:54 - 2013-06-02 16:24 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-06 20:53 - 2014-03-01 02:51 - 00001064 _____ () C:\Windows\setupact.log
2014-03-06 20:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 20:52 - 2014-03-01 02:50 - 00021476 _____ () C:\Windows\PFRO.log
2014-03-06 20:52 - 2009-07-13 23:45 - 01004896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 20:50 - 2010-11-28 04:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-06 20:50 - 2010-11-27 03:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA.job
2014-03-06 20:47 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\AVG2014
2014-03-06 20:47 - 2014-03-06 20:37 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Avg2014
2014-03-06 20:47 - 2012-05-04 10:53 - 00000000 ___HD () C:\$AVG
2014-03-06 20:46 - 2014-03-06 20:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-06 20:46 - 2012-10-08 12:40 - 00000000 ____D () C:\ProgramData\AVG2013
2014-03-06 20:43 - 2014-03-06 20:43 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-06 20:36 - 2014-03-06 20:36 - 04462384 _____ (AVG Technologies) C:\Users\Tonya\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-06 20:29 - 2014-02-09 22:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 20:26 - 2012-07-22 21:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 00:02 - 2010-11-27 03:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core.job
2014-03-05 20:53 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-05 20:47 - 2014-03-05 20:46 - 00002555 _____ () C:\DelFix.txt
2014-03-05 20:46 - 2014-03-02 21:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 01:52 - 2010-11-27 05:20 - 00333080 _____ () C:\Users\Tonya\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 20:18 - 2014-01-01 17:52 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTonya
2014-03-04 20:18 - 2014-01-01 17:52 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTonya.job
2014-03-04 15:09 - 2010-11-27 03:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-04 13:53 - 2014-02-26 03:09 - 00077628 _____ () C:\Users\Tonya\Documents\EDU 403 CM.pptx
2014-03-04 11:06 - 2010-11-27 03:41 - 00002364 _____ () C:\Users\Tonya\Desktop\Google Chrome.lnk
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 05:16 - 2010-07-10 21:01 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-03 05:13 - 2014-03-03 05:13 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Roxio Log Files
2014-03-03 05:07 - 2010-07-10 21:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-03 04:58 - 2010-07-08 03:44 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-03-03 04:57 - 2010-07-08 03:44 - 00000000 ____D () C:\ProgramData\WildTangent
2014-03-03 04:49 - 2010-12-01 17:18 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Adobe
2014-03-03 04:48 - 2014-03-03 04:48 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:38 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-03 04:37 - 2010-11-27 05:21 - 00000000 ___RD () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-03 04:35 - 2014-03-03 04:35 - 00108072 _____ () C:\Users\Tonya\Downloads\Adobe_Flash.exe
2014-03-03 01:28 - 2014-03-03 01:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 00:43 - 2014-03-03 00:43 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Malwarebytes
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 00:28 - 2014-03-03 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-02 23:45 - 2013-06-19 13:15 - 00066048 ___SH () C:\Users\Tonya\Desktop\Thumbs.db
2014-03-02 22:58 - 2010-07-10 22:21 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 22:57 - 2012-08-28 21:42 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Skype
2014-03-02 22:27 - 2014-02-09 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 21:49 - 2014-03-02 21:49 - 00000000 ____D () C:\Users\Tonya\Downloads\tdsskiller
2014-03-02 03:54 - 2014-03-02 03:54 - 00652144 _____ (www.file.net) C:\Users\Tonya\Downloads\top100files.exe
2014-03-01 05:09 - 2014-03-01 05:09 - 00000000 ____D () C:\ProgramData\AVG
2014-03-01 05:05 - 2014-03-01 05:05 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 05:03 - 2014-03-01 04:56 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28(1).exe
2014-03-01 05:01 - 2014-03-01 04:56 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-03-01 03:39 - 2014-02-01 04:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-01 02:51 - 2014-03-01 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 00:52 - 2014-02-28 21:32 - 00021376 _____ () C:\Users\Tonya\Desktop\avgrep.txt
2014-02-28 21:54 - 2014-02-28 21:21 - 00000000 ____D () C:\Windows\pss
2014-02-28 21:51 - 2014-02-28 21:51 - 00015508 _____ () C:\Users\Tonya\Desktop\cc_20140228_215122.reg
2014-02-28 21:39 - 2010-07-08 03:42 - 00000000 ____D () C:\ProgramData\Norton
2014-02-28 21:29 - 2014-01-31 15:49 - 00000000 ____D () C:\Program Files\HijackThis
2014-02-27 17:22 - 2010-12-09 00:59 - 00788408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 17:22 - 2009-07-14 00:13 - 00788408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 01:56 - 2014-02-26 01:56 - 00000000 _____ () C:\Users\Tonya\AppData\Roaming\SharedSettings.ccs
2014-02-23 23:25 - 2014-02-23 23:25 - 00001120 _____ () C:\Users\Tonya\Desktop\Continue Zip Opener Installation.lnk
2014-02-23 16:41 - 2011-01-09 20:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-20 21:26 - 2012-07-22 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:26 - 2012-07-22 21:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:26 - 2011-06-28 13:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 20:01 - 2014-01-06 18:23 - 00003610 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Tonya
2014-02-16 03:04 - 2013-08-14 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2010-11-28 04:46 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 02:02 - 2012-05-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 21:22 - 2014-02-15 21:22 - 00020875 _____ () C:\Users\Tonya\Downloads\chapter overview.zip
2014-02-15 16:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 01:22 - 2014-02-15 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 20:24 - 2014-02-09 22:17 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 20:24 - 2014-02-09 22:17 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-11 22:45 - 2010-11-27 03:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA
2014-02-11 22:45 - 2010-11-27 03:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core
2014-02-09 22:18 - 2010-11-27 03:41 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Google
2014-02-09 22:16 - 2014-02-09 22:16 - 00847312 _____ (Google Inc.) C:\Users\Tonya\Downloads\GoogleEarthSetup.exe
2014-02-06 07:16 - 2014-02-13 06:46 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-13 06:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-13 06:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-13 06:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-13 06:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-13 06:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-13 06:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-13 06:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-13 06:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-13 06:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-13 06:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-13 06:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-13 06:46 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-13 06:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-13 06:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-13 06:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-13 06:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-13 06:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-13 06:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 06:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-13 06:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-13 06:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-13 06:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-13 06:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-13 06:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-13 06:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-13 06:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-13 06:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-13 06:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-13 06:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-13 06:46 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-13 06:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-13 06:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-13 06:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-13 06:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-13 06:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-13 06:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-13 06:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-13 06:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 00:58 - 2014-02-01 04:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Some content of TEMP:
====================
C:\Users\Tonya\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Tonya\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tonya\AppData\Local\Temp\DM1393839337.exe
C:\Users\Tonya\AppData\Local\Temp\nsk5680.exe
C:\Users\Tonya\AppData\Local\Temp\nsk598D.exe
C:\Users\Tonya\AppData\Local\Temp\nsk9329.exe
C:\Users\Tonya\AppData\Local\Temp\nsp5C1D.exe
C:\Users\Tonya\AppData\Local\Temp\nsu958A.exe
C:\Users\Tonya\AppData\Local\Temp\nsz90C7.exe
C:\Users\Tonya\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-03 21:12

==================== End Of Log ============================

[pystryker]

Wow, quite a bit of new adware here. Let's get to clearing it away.


Step 1: Uninstall a Program and FRST Fix

Please uinstall the following program from your computer:

Advance System Protector

After that:

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
Task: {9F6B869D-9872-4A2D-B27D-E65BBE70648F} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files\Level Quality Watcher
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Ewkemygayflyra] - C:\Users\Tonya\AppData\Roaming\Foyrmulo\xihepo.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\PROGRA~2\SearchProtect
Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files (x86)\MyPC Backup
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...GaTHU-UWyKNa8Vc,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 Update PlurPush; "C:\Program Files (x86)\PlurPush\updatePlurPush.exe" [X]
S2 Util PlurPush; "C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe" [X]
C:\Program Files (x86)\PlurPush
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:37 - 2014-03-06 21:16 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-03 04:37 - 2014-03-05 20:53 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-03 04:37 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-06 20:56 - 2014-03-03 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop

• Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  
• Close any open windows or browsers.
  
• Pause your Anti-Virus program if it is running.
  
• Once it starts, click on the Scan button.
  
• Let the scan complete itself. This may take a few minutes.
  
• Once the scan has finished, "Pending, uncheck elements you don't want to remove."
  click the Clean button. When finished, it will ask to reboot. Please reboot.
  
• When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  
• Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.

This report is also saved at C:\AdwCleaner[R0].txt

Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 4: Download TFC

Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 5: FRST Scan


Start FRST again, and press the scan button. Please post the log it will produce.


Things I need to see in your next post:

FRST Fix Log

AdwCleaner Log

Junkware Removal Tool Log

FRST Scan Log

[gmcube]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Tonya at 2014-03-06 22:35:05 Run:1
Running from C:\Users\Tonya\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {9F6B869D-9872-4A2D-B27D-E65BBE70648F} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files\Level Quality Watcher
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Ewkemygayflyra] - C:\Users\Tonya\AppData\Roaming\Foyrmulo\xihepo.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\PROGRA~2\SearchProtect
Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files (x86)\MyPC Backup
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...GaTHU-UWyKNa8Vc,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 Update PlurPush; "C:\Program Files (x86)\PlurPush\updatePlurPush.exe" [X]
S2 Util PlurPush; "C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe" [X]
C:\Program Files (x86)\PlurPush
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:37 - 2014-03-06 21:16 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-03 04:37 - 2014-03-05 20:53 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-03 04:37 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-06 20:56 - 2014-03-03 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6B869D-9872-4A2D-B27D-E65BBE70648F} => Key not found.
C:\Windows\System32\Tasks\Advanced System Protector_startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found.
[2484] C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Process closed successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ewkemygayflyra => Value deleted successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
Level Quality Watcher => Service deleted successfully.
CltMngSvc => Service deleted successfully.
Update PlurPush => Service deleted successfully.
Util PlurPush => Service deleted successfully.
"C:\Program Files (x86)\PlurPush" => File/Directory not found.
C:\Users\Tonya\AppData\Local\xdfmjlwf.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\prcswgxt.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\oeuehmkg.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\fqicqolt.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\skhfbkcm.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\puqhghcs.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\nvqtgrgj.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\nglscrjo.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\jgudehox.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\gamnbprj.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\bfmelspa.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\ajcpvvoe.exe => Moved successfully.
C:\Program Files\SavingsBull => Moved successfully.
C:\Users\Tonya\Desktop\Sync Folder.lnk => Moved successfully.
"C:\ProgramData\Systweak" => File/Directory not found.
"C:\Program Files (x86)\Advanced System Protector" => File/Directory not found.
C:\Windows\system32\SavingsBullFilterService.log => Moved successfully.
C:\Users\Tonya\AppData\Roaming\Systweak => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup => Moved successfully.
"C:\Program Files\Level Quality Watcher" => File/Directory not found.
C:\Program Files (x86)\SavingsBull => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\SearchProtect => Moved successfully.
"C:\Windows\System32\Tasks\Advanced System Protector_startup" => File/Directory not found.

==== End of Fixlog ====




# AdwCleaner v3.020 - Report created 06/03/2014 at 23:08:44
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tonya - TONYA-PC
# Running from : C:\Users\Tonya\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\SearchProtectINT
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTdd5u1zjHwLRUGO-4InnQxQ65n1FDo0NGxZtsQxCRmPhGc44XFTPzr5mmu6AU1ZzbAro3Rp_IUymDVBB8c2lWd9gxMDS4_M6QnklnY5FfRfNMF8M-KGQsBXagRtSMuwst3vsZONuzOy4iGk,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTdd5u1zjHwLRUGO-4InnQxQ65n1FDo0NGxZtsQxCRmPhGc44XFTPzr5mmu6AU1ZzbAro3Rp_IUymDVBB8c2lWd9gxMDS4_M6QnklnY5FfRfNMF8M-KGQsBXagRtSMuwst3vsZONuzOy4iGk,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTdd5u1zjHwLRUGO-4InnQxQ65n1FDo0NGxZtsQxCRmPhGc44XFTPzr5mmu6AU1ZzbAro3Rp_IUymDVBB8c2lWd9gxMDS4_M6QnklnY5FfRfNMF8M-KGQsBXagRtSMuwst3vsZONuzOy4iGk,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTdd5u1zjHwLRUGO-4InnQxQ65n1FDo0NGxZtsQxCRmPhGc44XFTPzr5mmu6AU1ZzbAro3Rp_IUymDVBB8c2lWd9gxMDS4_M6QnklnY5FfRfNMF8M-KGQsBXagRtSMuwst3vsZONuzOy4iG4,&q={searchTerms}

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\prefs.js ]

Line Found : user_pref("extensions.helperbar.BackPageActive", true);
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", true);
Line Found : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Found : user_pref("extensions.helperbar.backPageCounter", 0);
Line Found : user_pref("extensions.helperbar.backPageDay", 3);
Line Found : user_pref("extensions.helperbar.backPageLastEvent", "1393667142248");
Line Found : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Found : user_pref("extensions.helperbar.barcodeid", "127714");
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "ry_1955_ch");
Line Found : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[]\"}");
Line Found : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Found : user_pref("extensions.helperbar.installationid", "c3c19181-20e2-3f99-03e2-fe650494797e");
Line Found : user_pref("extensions.helperbar.installdate", "03/03/2014");
Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1393839913");
Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1393839942309");
Line Found : user_pref("extensions.helperbar.publisher", "shoppinghelper");

-\\ Google Chrome v

[ File : C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [585 octets] - [06/03/2014 22:42:34]
AdwCleaner[R1].txt - [269 octets] - [06/03/2014 22:58:09]
AdwCleaner[R2].txt - [269 octets] - [06/03/2014 23:07:07]
AdwCleaner[R3].txt - [4692 octets] - [06/03/2014 23:08:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [4752 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tonya on Thu 03/06/2014 at 23:22:27.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{0280B34A-C5E1-42D4-8F07-1010F54B51C7}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{0655FC0A-3DA7-472B-94D2-9EB4ACEC14EB}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{069776A5-9D05-4848-BD05-B8AC1ECBA990}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{0AAD6227-C946-4269-BE46-99329916E68F}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{11D7ED27-668A-4FA9-A19F-01DE6BEEC473}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{135C4BCC-6F96-4A6E-A630-B5F1D4E9ECCE}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{17777D34-4F52-4A6F-AD78-9C43C3FA1DD8}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{1E37664C-1360-40EB-AA2D-1B48E767E09E}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{21708A21-3D7A-4945-A92F-87EF7D2EC357}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{2352F15F-9908-4549-99A1-82D9DF623738}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{2C024F0A-F2EF-489D-8CC1-22508DABC33E}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{31EC6E7E-50D7-4742-BE38-6AD09512753D}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{330D23A6-786A-4FD6-B7FE-423B64A15CAE}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{401EB194-62D3-4CCD-B27F-17BFFFE91F7D}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{431B8EA5-8232-4019-B9EA-09CC022F7AF3}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{4466CC34-3921-4837-933E-8B3CD3C23DB6}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{4F5820E5-1159-4A0F-8730-3FD0E98161F4}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{52A5F9AC-E275-4E16-9381-13AF3F8FCD60}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{7A86DED2-D56F-4555-85C3-EC9980FD8936}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{819E27AA-E455-4E51-9A2A-01757F833A1B}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{8566C7E7-FFB1-4BE9-8032-26A510A6328A}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{8ADFC674-9FF5-4874-B08E-E755AEC68740}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{8BBE730B-4BCF-4AF6-AFBD-C65AF5E401FA}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{916F8186-C427-4DA9-BFC4-40FE3A786C52}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{91A6F162-D176-47EA-B383-5119C2DBC840}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{9F8ABECB-1375-4739-B2D0-5E65E9F2E577}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{9F922853-16AA-4B1E-9408-15306F76E6A7}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{A495A439-20A1-4D29-B7B9-BA7FB7E6202E}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{B00B357C-30E4-4D61-A916-D71094DB557C}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{BDF3E0A3-604B-4516-A4C9-C9593179E002}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{C1124D9C-C26C-4AF7-9CBB-2CC78F628BFD}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{C2A3B9E8-2C4C-40B8-8FC8-B35C86D0C3A1}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{CBF3B682-DB74-4883-A85B-19DFECB68989}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{DBFE32DB-808F-40E1-BC1D-8217B8E4CE9B}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{E4E097E1-349A-456A-A0BE-C88096CD5679}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{EA4FDFE9-0A27-4268-ADB0-E0D48862A999}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{F03DABE0-3D8E-450B-8829-0D1B90E0E0B8}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{F4560AB0-4287-49B9-87C6-DFBE2785F813}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{FA42EF48-CD57-4E22-A514-E1ABDB1358C5}
Successfully deleted: [Empty Folder] C:\Users\Tonya\appdata\local\{FAF8E79F-8A59-44CA-AE69-5CB4DC0BBE7B}



~~~ FireFox

Successfully deleted: [File] C:\Users\Tonya\AppData\Roaming\mozilla\firefox\profiles\f6d0vu46.default\user.js
Successfully deleted the following from C:\Users\Tonya\AppData\Roaming\mozilla\firefox\profiles\f6d0vu46.default\prefs.js

user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Emptied folder: C:\Users\Tonya\AppData\Roaming\mozilla\firefox\profiles\f6d0vu46.default\minidumps [314 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 0:22:45.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Tonya (administrator) on TONYA-PC on 06-03-2014 21:22:12
Running from C:\Users\Tonya\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SkyHawke) C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tonya\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CaddieSyncConduit] - C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2379160 2012-10-22] (SkyHawke)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Google Update] - C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-27] (Google Inc.)
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [EPSON Stylus Photo R220 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Ewkemygayflyra] - C:\Users\Tonya\AppData\Roaming\Foyrmulo\xihepo.exe
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\MountPoints2: {8f918ca0-64b3-11e2-ad90-60eb692c3b3a} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...GaTHU-UWyKNa8Vc,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0781AD49-04B2-40C3-882C-BD396CAB1B2A} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {F4E8AB23-E333-43F2-BDAA-55F4184B1EFF} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default
FF user.js: detected! => C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\user.js
FF Homepage: hxxp://xfinity.comcast.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-05]
FF Extension: Greasemonkey - C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-08-23]

Chrome:
=======
CHR HomePage: hxxp://xfinity.comcast.net/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Google Update) - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-26]
CHR Extension: (Poppit) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-26]
CHR Extension: (Google Wallet) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 Update PlurPush; "C:\Program Files (x86)\PlurPush\updatePlurPush.exe" [X]
S2 Util PlurPush; "C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 21:22 - 2014-03-06 21:23 - 00024083 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-03-06 21:21 - 2014-03-06 21:22 - 00000000 ____D () C:\FRST
2014-03-06 21:21 - 2014-03-06 21:21 - 02156544 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2014-03-06 21:20 - 2014-03-06 21:20 - 01145344 _____ (Farbar) C:\Users\Tonya\Downloads\FRST.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-06 20:47 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\AVG2014
2014-03-06 20:43 - 2014-03-06 20:43 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-06 20:41 - 2014-03-06 20:46 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-06 20:37 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Avg2014
2014-03-06 20:36 - 2014-03-06 20:36 - 04462384 _____ (AVG Technologies) C:\Users\Tonya\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-05 20:46 - 2014-03-05 20:47 - 00002555 _____ () C:\DelFix.txt
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 05:13 - 2014-03-03 05:13 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Roxio Log Files
2014-03-03 04:48 - 2014-03-03 04:48 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-03 04:38 - 2014-03-06 20:56 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:38 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-03-03 04:37 - 2014-03-06 21:16 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-03 04:37 - 2014-03-05 20:53 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-03 04:37 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-03 04:37 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-03 04:35 - 2014-03-03 04:35 - 00108072 _____ () C:\Users\Tonya\Downloads\Adobe_Flash.exe
2014-03-03 01:28 - 2014-03-03 01:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 00:43 - 2014-03-03 00:43 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 00:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Malwarebytes
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 00:28 - 2014-03-03 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-02 21:49 - 2014-03-02 21:49 - 00000000 ____D () C:\Users\Tonya\Downloads\tdsskiller
2014-03-02 21:27 - 2014-03-05 20:46 - 00000000 ____D () C:\Windows\ERUNT
2014-03-02 03:54 - 2014-03-02 03:54 - 00652144 _____ (www.file.net) C:\Users\Tonya\Downloads\top100files.exe
2014-03-01 05:09 - 2014-03-01 05:09 - 00000000 ____D () C:\ProgramData\AVG
2014-03-01 05:05 - 2014-03-01 05:05 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 04:56 - 2014-03-01 05:03 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28(1).exe
2014-03-01 04:56 - 2014-03-01 05:01 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-03-01 02:57 - 2014-03-06 21:15 - 00272840 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 02:51 - 2014-03-06 20:53 - 00001064 _____ () C:\Windows\setupact.log
2014-03-01 02:51 - 2014-03-01 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 02:50 - 2014-03-06 20:52 - 00021476 _____ () C:\Windows\PFRO.log
2014-02-28 21:51 - 2014-02-28 21:51 - 00015508 _____ () C:\Users\Tonya\Desktop\cc_20140228_215122.reg
2014-02-28 21:32 - 2014-03-01 00:52 - 00021376 _____ () C:\Users\Tonya\Desktop\avgrep.txt
2014-02-28 21:21 - 2014-02-28 21:54 - 00000000 ____D () C:\Windows\pss
2014-02-26 03:09 - 2014-03-04 13:53 - 00077628 _____ () C:\Users\Tonya\Documents\EDU 403 CM.pptx
2014-02-26 01:56 - 2014-02-26 01:56 - 00000000 _____ () C:\Users\Tonya\AppData\Roaming\SharedSettings.ccs
2014-02-23 23:25 - 2014-02-23 23:25 - 00001120 _____ () C:\Users\Tonya\Desktop\Continue Zip Opener Installation.lnk
2014-02-15 21:22 - 2014-02-15 21:22 - 00020875 _____ () C:\Users\Tonya\Downloads\chapter overview.zip
2014-02-15 01:22 - 2014-02-15 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 06:50 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 06:50 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 06:46 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 06:46 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 06:46 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 06:46 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 06:46 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 06:46 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 06:46 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 06:46 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 06:46 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 06:46 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 06:46 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 06:46 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 06:46 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 06:46 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 06:46 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 06:46 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 06:46 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 06:46 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 06:46 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 06:46 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 06:46 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 06:46 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 06:46 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 06:46 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 06:46 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 06:46 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 06:46 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 06:46 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 06:46 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 06:46 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 06:46 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 06:46 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 06:46 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 06:46 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 06:46 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 06:46 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 06:46 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 06:46 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 06:46 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:45 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:45 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:45 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:45 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:45 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:45 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:45 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:45 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:45 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:45 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:45 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:44 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:44 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:44 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:44 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-09 22:17 - 2014-03-06 20:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 22:17 - 2014-03-06 20:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 22:17 - 2014-03-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 22:17 - 2014-02-13 20:24 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-09 22:17 - 2014-02-13 20:24 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 22:16 - 2014-02-09 22:16 - 00847312 _____ (Google Inc.) C:\Users\Tonya\Downloads\GoogleEarthSetup.exe

==================== One Month Modified Files and Folders =======

2014-03-06 21:23 - 2014-03-06 21:22 - 00024083 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-03-06 21:22 - 2014-03-06 21:21 - 00000000 ____D () C:\FRST
2014-03-06 21:21 - 2014-03-06 21:21 - 02156544 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2014-03-06 21:20 - 2014-03-06 21:20 - 01145344 _____ (Farbar) C:\Users\Tonya\Downloads\FRST.exe
2014-03-06 21:16 - 2014-03-03 04:37 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-06 21:15 - 2014-03-01 02:57 - 00272840 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 21:10 - 2010-11-28 04:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-06 21:09 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 21:08 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 20:56 - 2014-03-03 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-06 20:54 - 2014-02-09 22:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 20:54 - 2013-06-07 14:17 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-03-06 20:54 - 2013-06-02 16:24 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-06 20:53 - 2014-03-01 02:51 - 00001064 _____ () C:\Windows\setupact.log
2014-03-06 20:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 20:52 - 2014-03-01 02:50 - 00021476 _____ () C:\Windows\PFRO.log
2014-03-06 20:52 - 2009-07-13 23:45 - 01004896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 20:50 - 2010-11-28 04:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-06 20:50 - 2010-11-27 03:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA.job
2014-03-06 20:47 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\AVG2014
2014-03-06 20:47 - 2014-03-06 20:37 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Avg2014
2014-03-06 20:47 - 2012-05-04 10:53 - 00000000 ___HD () C:\$AVG
2014-03-06 20:46 - 2014-03-06 20:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-06 20:46 - 2012-10-08 12:40 - 00000000 ____D () C:\ProgramData\AVG2013
2014-03-06 20:43 - 2014-03-06 20:43 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-06 20:36 - 2014-03-06 20:36 - 04462384 _____ (AVG Technologies) C:\Users\Tonya\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-06 20:29 - 2014-02-09 22:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 20:26 - 2012-07-22 21:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 00:02 - 2010-11-27 03:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core.job
2014-03-05 20:53 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-05 20:47 - 2014-03-05 20:46 - 00002555 _____ () C:\DelFix.txt
2014-03-05 20:46 - 2014-03-02 21:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 01:52 - 2010-11-27 05:20 - 00333080 _____ () C:\Users\Tonya\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 20:18 - 2014-01-01 17:52 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTonya
2014-03-04 20:18 - 2014-01-01 17:52 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTonya.job
2014-03-04 15:09 - 2010-11-27 03:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-04 13:53 - 2014-02-26 03:09 - 00077628 _____ () C:\Users\Tonya\Documents\EDU 403 CM.pptx
2014-03-04 11:06 - 2010-11-27 03:41 - 00002364 _____ () C:\Users\Tonya\Desktop\Google Chrome.lnk
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 05:16 - 2010-07-10 21:01 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-03 05:13 - 2014-03-03 05:13 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Roxio Log Files
2014-03-03 05:07 - 2010-07-10 21:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-03 04:58 - 2010-07-08 03:44 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-03-03 04:57 - 2010-07-08 03:44 - 00000000 ____D () C:\ProgramData\WildTangent
2014-03-03 04:49 - 2010-12-01 17:18 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Adobe
2014-03-03 04:48 - 2014-03-03 04:48 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:38 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-03 04:37 - 2010-11-27 05:21 - 00000000 ___RD () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-03 04:35 - 2014-03-03 04:35 - 00108072 _____ () C:\Users\Tonya\Downloads\Adobe_Flash.exe
2014-03-03 01:28 - 2014-03-03 01:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 00:43 - 2014-03-03 00:43 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Malwarebytes
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 00:28 - 2014-03-03 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-02 23:45 - 2013-06-19 13:15 - 00066048 ___SH () C:\Users\Tonya\Desktop\Thumbs.db
2014-03-02 22:58 - 2010-07-10 22:21 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 22:57 - 2012-08-28 21:42 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Skype
2014-03-02 22:27 - 2014-02-09 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 21:49 - 2014-03-02 21:49 - 00000000 ____D () C:\Users\Tonya\Downloads\tdsskiller
2014-03-02 03:54 - 2014-03-02 03:54 - 00652144 _____ (www.file.net) C:\Users\Tonya\Downloads\top100files.exe
2014-03-01 05:09 - 2014-03-01 05:09 - 00000000 ____D () C:\ProgramData\AVG
2014-03-01 05:05 - 2014-03-01 05:05 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 05:03 - 2014-03-01 04:56 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28(1).exe
2014-03-01 05:01 - 2014-03-01 04:56 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-03-01 03:39 - 2014-02-01 04:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-01 02:51 - 2014-03-01 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 00:52 - 2014-02-28 21:32 - 00021376 _____ () C:\Users\Tonya\Desktop\avgrep.txt
2014-02-28 21:54 - 2014-02-28 21:21 - 00000000 ____D () C:\Windows\pss
2014-02-28 21:51 - 2014-02-28 21:51 - 00015508 _____ () C:\Users\Tonya\Desktop\cc_20140228_215122.reg
2014-02-28 21:39 - 2010-07-08 03:42 - 00000000 ____D () C:\ProgramData\Norton
2014-02-28 21:29 - 2014-01-31 15:49 - 00000000 ____D () C:\Program Files\HijackThis
2014-02-27 17:22 - 2010-12-09 00:59 - 00788408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 17:22 - 2009-07-14 00:13 - 00788408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 01:56 - 2014-02-26 01:56 - 00000000 _____ () C:\Users\Tonya\AppData\Roaming\SharedSettings.ccs
2014-02-23 23:25 - 2014-02-23 23:25 - 00001120 _____ () C:\Users\Tonya\Desktop\Continue Zip Opener Installation.lnk
2014-02-23 16:41 - 2011-01-09 20:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-20 21:26 - 2012-07-22 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:26 - 2012-07-22 21:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:26 - 2011-06-28 13:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 20:01 - 2014-01-06 18:23 - 00003610 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Tonya
2014-02-16 03:04 - 2013-08-14 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2010-11-28 04:46 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 02:02 - 2012-05-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 21:22 - 2014-02-15 21:22 - 00020875 _____ () C:\Users\Tonya\Downloads\chapter overview.zip
2014-02-15 16:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 01:22 - 2014-02-15 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 20:24 - 2014-02-09 22:17 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 20:24 - 2014-02-09 22:17 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-11 22:45 - 2010-11-27 03:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA
2014-02-11 22:45 - 2010-11-27 03:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core
2014-02-09 22:18 - 2010-11-27 03:41 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Google
2014-02-09 22:16 - 2014-02-09 22:16 - 00847312 _____ (Google Inc.) C:\Users\Tonya\Downloads\GoogleEarthSetup.exe
2014-02-06 07:16 - 2014-02-13 06:46 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-13 06:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-13 06:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-13 06:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-13 06:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-13 06:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-13 06:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-13 06:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-13 06:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-13 06:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-13 06:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-13 06:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-13 06:46 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-13 06:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-13 06:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-13 06:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-13 06:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-13 06:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-13 06:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 06:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-13 06:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-13 06:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-13 06:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-13 06:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-13 06:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-13 06:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-13 06:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-13 06:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-13 06:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-13 06:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-13 06:46 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-13 06:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-13 06:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-13 06:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-13 06:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-13 06:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-13 06:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-13 06:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-13 06:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 00:58 - 2014-02-01 04:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Some content of TEMP:
====================
C:\Users\Tonya\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Tonya\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tonya\AppData\Local\Temp\DM1393839337.exe
C:\Users\Tonya\AppData\Local\Temp\nsk5680.exe
C:\Users\Tonya\AppData\Local\Temp\nsk598D.exe
C:\Users\Tonya\AppData\Local\Temp\nsk9329.exe
C:\Users\Tonya\AppData\Local\Temp\nsp5C1D.exe
C:\Users\Tonya\AppData\Local\Temp\nsu958A.exe
C:\Users\Tonya\AppData\Local\Temp\nsz90C7.exe
C:\Users\Tonya\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-03 21:12

==================== End Of Log ============================



I may have gotten mixed up with two similiar sounding fixlogs, so heres the other on just in case.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Tonya at 2014-03-06 22:35:05 Run:1
Running from C:\Users\Tonya\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {9F6B869D-9872-4A2D-B27D-E65BBE70648F} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files\Level Quality Watcher
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Ewkemygayflyra] - C:\Users\Tonya\AppData\Roaming\Foyrmulo\xihepo.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\PROGRA~2\SearchProtect
Startup: C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files (x86)\MyPC Backup
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...GaTHU-UWyKNa8Vc,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 Update PlurPush; "C:\Program Files (x86)\PlurPush\updatePlurPush.exe" [X]
S2 Util PlurPush; "C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe" [X]
C:\Program Files (x86)\PlurPush
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\xdfmjlwf.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\prcswgxt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\oeuehmkg.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00115560 _____ () C:\Users\Tonya\AppData\Local\fqicqolt.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\skhfbkcm.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\puqhghcs.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nvqtgrgj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\nglscrjo.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\jgudehox.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\gamnbprj.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\bfmelspa.exe
2014-03-06 21:09 - 2014-03-06 21:09 - 00095080 _____ () C:\Users\Tonya\AppData\Local\ajcpvvoe.exe
2014-03-03 17:27 - 2014-03-03 17:27 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-03 04:38 - 2014-03-03 04:38 - 00001969 _____ () C:\Users\Tonya\Desktop\Sync Folder.lnk
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-03 04:38 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-03-03 04:37 - 2014-03-06 21:16 - 18801370 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-03 04:37 - 2014-03-05 20:53 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Systweak
2014-03-03 04:37 - 2014-03-03 04:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-03 04:37 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 04:36 - 2014-03-03 04:36 - 00000000 ____D () C:\Users\Tonya\AppData\Local\SearchProtect
2014-03-06 20:56 - 2014-03-03 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6B869D-9872-4A2D-B27D-E65BBE70648F} => Key not found.
C:\Windows\System32\Tasks\Advanced System Protector_startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found.
[2484] C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Process closed successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ewkemygayflyra => Value deleted successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
Level Quality Watcher => Service deleted successfully.
CltMngSvc => Service deleted successfully.
Update PlurPush => Service deleted successfully.
Util PlurPush => Service deleted successfully.
"C:\Program Files (x86)\PlurPush" => File/Directory not found.
C:\Users\Tonya\AppData\Local\xdfmjlwf.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\prcswgxt.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\oeuehmkg.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\fqicqolt.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\skhfbkcm.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\puqhghcs.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\nvqtgrgj.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\nglscrjo.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\jgudehox.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\gamnbprj.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\bfmelspa.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\ajcpvvoe.exe => Moved successfully.
C:\Program Files\SavingsBull => Moved successfully.
C:\Users\Tonya\Desktop\Sync Folder.lnk => Moved successfully.
"C:\ProgramData\Systweak" => File/Directory not found.
"C:\Program Files (x86)\Advanced System Protector" => File/Directory not found.
C:\Windows\system32\SavingsBullFilterService.log => Moved successfully.
C:\Users\Tonya\AppData\Roaming\Systweak => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup => Moved successfully.
"C:\Program Files\Level Quality Watcher" => File/Directory not found.
C:\Program Files (x86)\SavingsBull => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
C:\Users\Tonya\AppData\Local\SearchProtect => Moved successfully.
"C:\Windows\System32\Tasks\Advanced System Protector_startup" => File/Directory not found.

==== End of Fixlog ====




Edit: whoops, I forgot to reboot before that last first scan. give me a minute, I'll edit the new log in.



Ok, heres a fresh first log from a post reboot scan.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Tonya (administrator) on TONYA-PC on 07-03-2014 01:13:50
Running from C:\Users\Tonya\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SkyHawke) C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CaddieSyncConduit] - C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2379160 2012-10-22] (SkyHawke)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [Google Update] - C:\Users\Tonya\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-27] (Google Inc.)
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\Run: [EPSON Stylus Photo R220 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3790915449-1485846204-445597675-1000\...\MountPoints2: {8f918ca0-64b3-11e2-ad90-60eb692c3b3a} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0781AD49-04B2-40C3-882C-BD396CAB1B2A} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {F4E8AB23-E333-43F2-BDAA-55F4184B1EFF} URL = http://en.wikipedia....h={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default
FF Homepage: hxxp://xfinity.comcast.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_154.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_154.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-05]
FF Extension: Greasemonkey - C:\Users\Tonya\AppData\Roaming\Mozilla\Firefox\Profiles\f6d0vu46.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-08-23]

Chrome:
=======
CHR HomePage: hxxp://xfinity.comcast.net/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Tonya\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Google Update) - C:\Users\Tonya\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-26]
CHR Extension: (Poppit) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-26]
CHR Extension: (Google Wallet) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 01:13 - 2014-03-07 01:13 - 00020218 _____ () C:\Users\Tonya\Desktop\FRST.txt
2014-03-07 00:53 - 2014-03-07 00:53 - 00448512 _____ (OldTimer Tools) C:\Users\Tonya\Downloads\TFC.exe
2014-03-07 00:22 - 2014-03-07 00:22 - 00006592 _____ () C:\Users\Tonya\Desktop\JRT.txt
2014-03-06 23:22 - 2014-03-06 23:22 - 00448512 _____ (OldTimer Tools) C:\Users\Tonya\Desktop\TFC.exe
2014-03-06 23:21 - 2014-03-06 23:21 - 01037734 _____ (Thisisu) C:\Users\Tonya\Desktop\JRT.exe
2014-03-06 23:01 - 2014-03-07 01:09 - 00000112 _____ () C:\Windows\setupact.log
2014-03-06 23:01 - 2014-03-06 23:01 - 00000524 _____ () C:\Windows\PFRO.log
2014-03-06 23:01 - 2014-03-06 23:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-06 22:42 - 2014-03-06 23:15 - 00000000 ____D () C:\AdwCleaner
2014-03-06 22:37 - 2014-03-06 22:37 - 01244192 _____ () C:\Users\Tonya\Desktop\adwcleaner.exe
2014-03-06 22:30 - 2014-03-06 22:30 - 00001188 _____ () C:\Users\Tonya\Desktop\Live PC Help.lnk
2014-03-06 21:50 - 2014-03-06 21:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-06 21:49 - 2014-03-06 21:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-06 21:49 - 2014-03-06 21:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-06 21:49 - 2014-03-06 21:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-06 21:41 - 2014-03-06 21:42 - 62839880 _____ (Safer-Networking Ltd. ) C:\Users\Tonya\Downloads\spybot-2.3-beta1.exe
2014-03-06 21:41 - 2014-03-06 21:41 - 30796712 _____ (Oracle Corporation) C:\Users\Tonya\Downloads\jre-7u51-windows-x64.exe
2014-03-06 21:38 - 2014-03-06 21:38 - 04765152 _____ (Piriform Ltd) C:\Users\Tonya\Downloads\ccsetup411.exe
2014-03-06 21:35 - 2014-03-06 21:35 - 17917104 _____ (Adobe Systems Incorporated) C:\Users\Tonya\Downloads\flashplayer13_install_win_pi.exe
2014-03-06 21:33 - 2014-03-06 21:33 - 00001959 _____ () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-03-06 21:33 - 2014-03-06 21:33 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-03-06 21:32 - 2014-03-06 21:32 - 00264757 _____ () C:\Users\Tonya\Downloads\FHSetup.exe
2014-03-06 21:25 - 2014-03-06 21:29 - 00047967 _____ () C:\Users\Tonya\Downloads\Addition.txt
2014-03-06 21:22 - 2014-03-06 21:29 - 00056540 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-03-06 21:21 - 2014-03-07 01:13 - 00000000 ____D () C:\FRST
2014-03-06 21:21 - 2014-03-06 21:21 - 02156544 _____ (Farbar) C:\Users\Tonya\Desktop\FRST64.exe
2014-03-06 21:20 - 2014-03-06 21:20 - 01145344 _____ (Farbar) C:\Users\Tonya\Downloads\FRST.exe
2014-03-06 20:47 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\AVG2014
2014-03-06 20:43 - 2014-03-06 20:43 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-06 20:41 - 2014-03-06 20:46 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-06 20:37 - 2014-03-06 22:01 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Avg2014
2014-03-06 20:36 - 2014-03-06 20:36 - 04462384 _____ (AVG Technologies) C:\Users\Tonya\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-05 20:46 - 2014-03-05 20:47 - 00002555 _____ () C:\DelFix.txt
2014-03-03 05:13 - 2014-03-03 05:13 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Roxio Log Files
2014-03-03 04:48 - 2014-03-03 04:48 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-03 04:35 - 2014-03-03 04:35 - 00108072 _____ () C:\Users\Tonya\Downloads\Adobe_Flash.exe
2014-03-03 01:28 - 2014-03-03 01:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 00:43 - 2014-03-03 00:43 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 00:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Malwarebytes
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 00:28 - 2014-03-03 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-02 21:49 - 2014-03-02 21:49 - 00000000 ____D () C:\Users\Tonya\Downloads\tdsskiller
2014-03-02 21:27 - 2014-03-05 20:46 - 00000000 ____D () C:\Windows\ERUNT
2014-03-02 03:54 - 2014-03-02 03:54 - 00652144 _____ (www.file.net) C:\Users\Tonya\Downloads\top100files.exe
2014-03-01 05:09 - 2014-03-01 05:09 - 00000000 ____D () C:\ProgramData\AVG
2014-03-01 05:05 - 2014-03-01 05:05 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 04:56 - 2014-03-01 05:03 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28(1).exe
2014-03-01 04:56 - 2014-03-01 05:01 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-03-01 02:57 - 2014-03-07 01:08 - 00285459 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 21:51 - 2014-02-28 21:51 - 00015508 _____ () C:\Users\Tonya\Desktop\cc_20140228_215122.reg
2014-02-28 21:32 - 2014-03-01 00:52 - 00021376 _____ () C:\Users\Tonya\Desktop\avgrep.txt
2014-02-28 21:21 - 2014-02-28 21:54 - 00000000 ____D () C:\Windows\pss
2014-02-26 03:09 - 2014-03-04 13:53 - 00077628 _____ () C:\Users\Tonya\Documents\EDU 403 CM.pptx
2014-02-26 01:56 - 2014-02-26 01:56 - 00000000 _____ () C:\Users\Tonya\AppData\Roaming\SharedSettings.ccs
2014-02-23 23:25 - 2014-02-23 23:25 - 00001120 _____ () C:\Users\Tonya\Desktop\Continue Zip Opener Installation.lnk
2014-02-15 21:22 - 2014-02-15 21:22 - 00020875 _____ () C:\Users\Tonya\Downloads\chapter overview.zip
2014-02-15 01:22 - 2014-02-15 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 06:50 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 06:50 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 06:46 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 06:46 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 06:46 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 06:46 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 06:46 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 06:46 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 06:46 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 06:46 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 06:46 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 06:46 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 06:46 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 06:46 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 06:46 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 06:46 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 06:46 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 06:46 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 06:46 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 06:46 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 06:46 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 06:46 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 06:46 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 06:46 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 06:46 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 06:46 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 06:46 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 06:46 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 06:46 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 06:46 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 06:46 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 06:46 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 06:46 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 06:46 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 06:46 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 06:46 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 06:46 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 06:46 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 06:46 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 06:46 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 06:46 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:45 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:45 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:45 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:45 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:45 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:45 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:45 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:45 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:45 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:45 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:45 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:45 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:45 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:45 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:45 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:44 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:44 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:44 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:44 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-09 22:17 - 2014-03-07 01:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 22:17 - 2014-03-07 00:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 22:17 - 2014-03-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 22:17 - 2014-02-13 20:24 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-09 22:17 - 2014-02-13 20:24 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 22:16 - 2014-02-09 22:16 - 00847312 _____ (Google Inc.) C:\Users\Tonya\Downloads\GoogleEarthSetup.exe

==================== One Month Modified Files and Folders =======

2014-03-07 01:14 - 2014-03-07 01:13 - 00020218 _____ () C:\Users\Tonya\Desktop\FRST.txt
2014-03-07 01:14 - 2014-03-01 02:57 - 00285459 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 01:13 - 2014-03-06 21:21 - 00000000 ____D () C:\FRST
2014-03-07 01:10 - 2014-02-09 22:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 01:10 - 2013-06-07 14:17 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-03-07 01:10 - 2013-06-02 16:24 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-07 01:09 - 2014-03-06 23:01 - 00000112 _____ () C:\Windows\setupact.log
2014-03-07 01:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 00:53 - 2014-03-07 00:53 - 00448512 _____ (OldTimer Tools) C:\Users\Tonya\Downloads\TFC.exe
2014-03-07 00:50 - 2010-11-27 03:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA.job
2014-03-07 00:29 - 2014-02-09 22:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 00:26 - 2012-07-22 21:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 00:22 - 2014-03-07 00:22 - 00006592 _____ () C:\Users\Tonya\Desktop\JRT.txt
2014-03-06 23:22 - 2014-03-06 23:22 - 00448512 _____ (OldTimer Tools) C:\Users\Tonya\Desktop\TFC.exe
2014-03-06 23:21 - 2014-03-06 23:21 - 01037734 _____ (Thisisu) C:\Users\Tonya\Desktop\JRT.exe
2014-03-06 23:15 - 2014-03-06 22:42 - 00000000 ____D () C:\AdwCleaner
2014-03-06 23:14 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 23:14 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 23:01 - 2014-03-06 23:01 - 00000524 _____ () C:\Windows\PFRO.log
2014-03-06 23:01 - 2014-03-06 23:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-06 22:50 - 2010-11-27 03:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core.job
2014-03-06 22:37 - 2014-03-06 22:37 - 01244192 _____ () C:\Users\Tonya\Desktop\adwcleaner.exe
2014-03-06 22:35 - 2010-11-27 05:21 - 00000000 ___RD () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-06 22:31 - 2013-06-19 13:15 - 00066048 ___SH () C:\Users\Tonya\Desktop\Thumbs.db
2014-03-06 22:30 - 2014-03-06 22:30 - 00001188 _____ () C:\Users\Tonya\Desktop\Live PC Help.lnk
2014-03-06 22:28 - 2012-07-22 21:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-06 22:28 - 2012-07-22 21:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-06 22:28 - 2011-06-28 13:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 22:01 - 2014-03-06 20:37 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Avg2014
2014-03-06 21:49 - 2014-03-06 21:50 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-06 21:49 - 2014-03-06 21:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-06 21:49 - 2014-03-06 21:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-06 21:49 - 2014-03-06 21:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-06 21:48 - 2010-07-10 23:24 - 00000000 ____D () C:\Program Files\Java
2014-03-06 21:42 - 2014-03-06 21:41 - 62839880 _____ (Safer-Networking Ltd. ) C:\Users\Tonya\Downloads\spybot-2.3-beta1.exe
2014-03-06 21:41 - 2014-03-06 21:41 - 30796712 _____ (Oracle Corporation) C:\Users\Tonya\Downloads\jre-7u51-windows-x64.exe
2014-03-06 21:39 - 2014-02-01 04:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-06 21:38 - 2014-03-06 21:38 - 04765152 _____ (Piriform Ltd) C:\Users\Tonya\Downloads\ccsetup411.exe
2014-03-06 21:35 - 2014-03-06 21:35 - 17917104 _____ (Adobe Systems Incorporated) C:\Users\Tonya\Downloads\flashplayer13_install_win_pi.exe
2014-03-06 21:33 - 2014-03-06 21:33 - 00001959 _____ () C:\Users\Tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-03-06 21:33 - 2014-03-06 21:33 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-03-06 21:32 - 2014-03-06 21:32 - 00264757 _____ () C:\Users\Tonya\Downloads\FHSetup.exe
2014-03-06 21:29 - 2014-03-06 21:25 - 00047967 _____ () C:\Users\Tonya\Downloads\Addition.txt
2014-03-06 21:29 - 2014-03-06 21:22 - 00056540 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-03-06 21:21 - 2014-03-06 21:21 - 02156544 _____ (Farbar) C:\Users\Tonya\Desktop\FRST64.exe
2014-03-06 21:20 - 2014-03-06 21:20 - 01145344 _____ (Farbar) C:\Users\Tonya\Downloads\FRST.exe
2014-03-06 21:10 - 2010-11-28 04:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-06 20:52 - 2009-07-13 23:45 - 01004896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 20:50 - 2010-11-28 04:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-06 20:47 - 2014-03-06 20:47 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\AVG2014
2014-03-06 20:47 - 2012-05-04 10:53 - 00000000 ___HD () C:\$AVG
2014-03-06 20:46 - 2014-03-06 20:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-06 20:46 - 2012-10-08 12:40 - 00000000 ____D () C:\ProgramData\AVG2013
2014-03-06 20:43 - 2014-03-06 20:43 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-06 20:36 - 2014-03-06 20:36 - 04462384 _____ (AVG Technologies) C:\Users\Tonya\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-03-05 20:47 - 2014-03-05 20:46 - 00002555 _____ () C:\DelFix.txt
2014-03-05 20:46 - 2014-03-02 21:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-05 01:52 - 2010-11-27 05:20 - 00333080 _____ () C:\Users\Tonya\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 20:18 - 2014-01-01 17:52 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTonya
2014-03-04 20:18 - 2014-01-01 17:52 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTonya.job
2014-03-04 15:09 - 2010-11-27 03:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-04 13:53 - 2014-02-26 03:09 - 00077628 _____ () C:\Users\Tonya\Documents\EDU 403 CM.pptx
2014-03-04 11:06 - 2010-11-27 03:41 - 00002364 _____ () C:\Users\Tonya\Desktop\Google Chrome.lnk
2014-03-03 05:16 - 2010-07-10 21:01 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-03 05:13 - 2014-03-03 05:13 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Roxio Log Files
2014-03-03 05:07 - 2010-07-10 21:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-03 04:58 - 2010-07-08 03:44 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-03-03 04:57 - 2010-07-08 03:44 - 00000000 ____D () C:\ProgramData\WildTangent
2014-03-03 04:49 - 2010-12-01 17:18 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Adobe
2014-03-03 04:48 - 2014-03-03 04:48 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-03-03 04:37 - 2014-03-03 04:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-03-03 04:35 - 2014-03-03 04:35 - 00108072 _____ () C:\Users\Tonya\Downloads\Adobe_Flash.exe
2014-03-03 01:28 - 2014-03-03 01:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 00:43 - 2014-03-03 00:43 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-03 00:43 - 2014-03-03 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Malwarebytes
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 00:28 - 2014-03-03 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-03-02 22:58 - 2010-07-10 22:21 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 22:57 - 2012-08-28 21:42 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Skype
2014-03-02 22:27 - 2014-02-09 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 21:49 - 2014-03-02 21:49 - 00000000 ____D () C:\Users\Tonya\Downloads\tdsskiller
2014-03-02 03:54 - 2014-03-02 03:54 - 00652144 _____ (www.file.net) C:\Users\Tonya\Downloads\top100files.exe
2014-03-01 05:09 - 2014-03-01 05:09 - 00000000 ____D () C:\ProgramData\AVG
2014-03-01 05:05 - 2014-03-01 05:05 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 05:03 - 2014-03-01 04:56 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28(1).exe
2014-03-01 05:01 - 2014-03-01 04:56 - 78353832 _____ (AVG) C:\Users\Tonya\Downloads\avg_tuh_stf_all_2014_295_24c28.exe
2014-03-01 03:39 - 2014-02-01 04:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-01 00:52 - 2014-02-28 21:32 - 00021376 _____ () C:\Users\Tonya\Desktop\avgrep.txt
2014-02-28 21:54 - 2014-02-28 21:21 - 00000000 ____D () C:\Windows\pss
2014-02-28 21:51 - 2014-02-28 21:51 - 00015508 _____ () C:\Users\Tonya\Desktop\cc_20140228_215122.reg
2014-02-28 21:39 - 2010-07-08 03:42 - 00000000 ____D () C:\ProgramData\Norton
2014-02-28 21:29 - 2014-01-31 15:49 - 00000000 ____D () C:\Program Files\HijackThis
2014-02-27 17:22 - 2010-12-09 00:59 - 00788408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 17:22 - 2009-07-14 00:13 - 00788408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 01:56 - 2014-02-26 01:56 - 00000000 _____ () C:\Users\Tonya\AppData\Roaming\SharedSettings.ccs
2014-02-23 23:25 - 2014-02-23 23:25 - 00001120 _____ () C:\Users\Tonya\Desktop\Continue Zip Opener Installation.lnk
2014-02-23 16:41 - 2011-01-09 20:09 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-18 20:01 - 2014-01-06 18:23 - 00003610 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Tonya
2014-02-16 03:04 - 2013-08-14 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2010-11-28 04:46 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 02:02 - 2012-05-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 21:22 - 2014-02-15 21:22 - 00020875 _____ () C:\Users\Tonya\Downloads\chapter overview.zip
2014-02-15 16:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 01:22 - 2014-02-15 01:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 20:24 - 2014-02-09 22:17 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 20:24 - 2014-02-09 22:17 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 22:49 - 2014-02-11 22:49 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-11 22:45 - 2010-11-27 03:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000UA
2014-02-11 22:45 - 2010-11-27 03:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3790915449-1485846204-445597675-1000Core
2014-02-09 22:18 - 2010-11-27 03:41 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Google
2014-02-09 22:16 - 2014-02-09 22:16 - 00847312 _____ (Google Inc.) C:\Users\Tonya\Downloads\GoogleEarthSetup.exe
2014-02-06 07:16 - 2014-02-13 06:46 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-13 06:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-13 06:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-13 06:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-13 06:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-13 06:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-13 06:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-13 06:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-13 06:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-13 06:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-13 06:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-13 06:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-13 06:46 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-13 06:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-13 06:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-13 06:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-13 06:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-13 06:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-13 06:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 06:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-13 06:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-13 06:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-13 06:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-13 06:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-13 06:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-13 06:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-13 06:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-13 06:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-13 06:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-13 06:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-13 06:46 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-13 06:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-13 06:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-13 06:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-13 06:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-13 06:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-13 06:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-13 06:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-13 06:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 00:58 - 2014-02-01 04:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-03 21:12

==================== End Of Log ============================

Edited by gmcube, 07 March 2014 - 12:18 AM.

[pystryker]

Edit: whoops, I forgot to reboot before that last first scan. give me a minute, I'll edit the new log in.

Indeed, that scared me. I saw all the items I had selected for removal still in the log, and was about to hit it with a bigger hammer. The FRST log looks good, let's run a sweep for remnants with ESET and MBAM.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes

• Please open the program.
• Click on the Update tab then click Check for Updates
  
  
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, check the following settings:
  
  • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  
  
  
• On the Scanner tab, check Perform quick scan.
  
  
  
• When the scan is complete, click OK, then Show Results to view the results.
  
  
  
• Make sure that everything is checked, and click Remove Selected.
  
  
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and Paste the entire report in your next reply.

Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked.
  
• Make sure that the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
  
• Now click on Start
  
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically. The scan may take several hours.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• Now click on Finish
  
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.

Things I need to see in your next post:

• ESET Scan Log
  
• MBAM Log