Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Fixila Optimizer [Solved]

Fixila Malware/virus?

  • This topic is locked This topic is locked

#1
ctpchatty

ctpchatty

    Member

  • Member
  • PipPip
  • 13 posts

I am helping a friend since you guys helped me get rid of things in my computer and I do appreciate it.

My friend is not a computer person and her new laptop is Windows 8. She somehow contracted a pesky item called Fixila Optimizer and I am unable to get it out. It does not show up in her programs  that I am able to determine. I was able to find the folder and figured what the heck, I deleted it but it came back. I have run all the normal programs MalWare Bytes, Super Anti Spyware, virus scans, cleaned out the computer of all not needed junk and except for this darn thing. I tried to search it on the Internet and it gave me a link in CNet to remove it but that too is a false link. Any ideas to help me get it out of her computer ??? I also am not a computer geek but I am willing to try things. Thanks


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Let's get a look at the system and see what's going on. :)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
[b]Things I need to see in your next post:

FRST Log

Addition.txt Log[/b[
  • 0

#3
ctpchatty

ctpchatty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I will send this to my friends house and we will get started in the next day or two. Thanks for being so quick. I hope I know what I am doing.


  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I will send this to my friends house and we will get started in the next day or two. Thanks for being so quick. I hope I know what I am doing.


You'll do fine, no worries. :) The easiest way of doing this is make sure you read the instructions completely before executing them.
  • 0

#5
ctpchatty

ctpchatty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Cathy Peters (administrator) on CATHY on 01-06-2014 15:16:13
Running from C:\Users\Cathy Peters\Desktop\Put on DVD\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\HDD Password Tool\TosExtSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\ccsvchst.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Gemalto N.V.) C:\Users\Cathy Peters\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\HDD Password Tool\TosExtCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Content Manager\CmTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.14.0.19_neutral__1fgex2kbsn6g8\Spider.exe
(Hot Chai Productions, LLC) C:\Program Files\WindowsApps\HotChaiProductionsLLC.SpeedWords_1.15.0.98_neutral__4526h58b9csx8\HotChai.SpeedWords.Metro.exe
() C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_2.8.0.0_x86__8wekyb3d8bbwe\WordamentWin8.1.exe
() C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.3.1403.3117_x86__8wekyb3d8bbwe\Mahjong.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Farbar) C:\Users\Cathy Peters\Desktop\Put on DVD\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-03-25] (MyHeritage)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Online Vault] => C:\Program Files (x86)\OnlineVault\OVTray.exe [371808 2013-04-22] (Crawler.com)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2012-11-20] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Cathy Peters\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe ",EntryPoint -m l
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [GoogleChromeAutoLaunch_D86CACA25DA8130C852C1FB7702EDBF3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKU\S-1-5-21-4276984483-3895816767-3243404449-1001\...\MountPoints2: {2214668f-69e2-11e3-bf0a-008cfa41fd4b} - "E:\KODAK_Software_Downloader.exe"
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDD Password Tool.lnk
ShortcutTarget: HDD Password Tool.lnk -> C:\Program Files (x86)\Toshiba\HDD Password Tool\TosExtCtrl.exe (TOSHIBA CORPORATION)
Startup: C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Cathy\AppData\Local\Apps\2.0\LB00Z631.2V8\Y9W3ZD0E.DCV\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findwi...CDECC}&serpv=22
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE9761547CCE7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.mysearc...=1940348077&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1940348077&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
URLSearchHook: HKLM-x32 - Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {03F415CC-6CCD-413A-B4A4-627DA7452B1C URL =
SearchScopes: HKLM - {540A905A-E2F6-5F02-08EC-535D8A78F003} URL = http://start.sweetpa...E-002713578B6D}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...=1940348077&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM - {CEF9A1DD-4657-419A-8ACE-68A4F709C7E1} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKLM-x32 - DefaultScope {03F415CC-6CCD-413A-B4A4-627DA7452B1C URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKLM-x32 - {03F415CC-6CCD-413A-B4A4-627DA7452B1C URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKLM-x32 - {1B86AFD3-35D5-5C90-EC69-5471B0E1B8F9} URL =
SearchScopes: HKLM-x32 - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {CEF9A1DD-4657-419A-8ACE-68A4F709C7E1} URL = http://www.bing.com/...E10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...7-008CFA41FD4B}
SearchScopes: HKCU - DefaultScope {5B32698A-3BC2-4B7F-A3BB-A6021054DBF8} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.genieo...q={searchTerms}
SearchScopes: HKCU - {540A905A-E2F6-5F02-08EC-535D8A78F003} URL =
SearchScopes: HKCU - {5B32698A-3BC2-4B7F-A3BB-A6021054DBF8} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6F22A46C-1D20-4875-9068-7F622835B13B} URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...=1940348077&ir=
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL =
SearchScopes: HKCU - {CEF9A1DD-4657-419A-8ACE-68A4F709C7E1} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKCU - {F58E43E6-2210-4809-AB8F-40792D5FD159} URL = http://search.yahoo....petb&type=10743
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: No Name - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -  No File
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKLM - FindWide Toolbar - {CBC6E450-45FD-4299-A615-31323250B151} - C:\Program Files (x86)\TNT2\Profiles\10743\passport64.dll No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {424E2F9C-EB5B-4B51-87E5-5831781BC515} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...PLOADER_V10.CAB
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{04530230-BF71-4432-88F7-E2A6231EAF2A}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{58D7E24D-0C62-4632-BB99-EA2BC27F6141}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{FA9474EC-2455-4EEE-B7A8-EBED8616FDFB}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Cathy Peters\AppData\Roaming\Mozilla\Firefox\Profiles\nfalh96t.default
FF Homepage: hxxp://centurylink.net/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\WINDOWS\Downloaded Program Files\88393093\npxbdsetup.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-01-18]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-10]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\
FF HKCU\...\Firefox\Extensions: [{af2c99b1-0bce-498b-a5d8-e08e0359cdac}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cathy Peters\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\Cathy Peters\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CATHYP~1\AppData\Local\mysearchdial-speeddial.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Cathy Peters\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Cathy Peters\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Cathy Peters\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Cathy Peters\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Cathy Peters\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [liaonomjhndfhiipfagnmfmcenfhammp] - C:\Users\Cathy Peters\AppData\Local\CRE\liaonomjhndfhiipfagnmfmcenfhammp.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Cathy Peters\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Cathy Peters\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Cathy Peters\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Cathy Peters\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Cathy Peters\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [liaonomjhndfhiipfagnmfmcenfhammp] - C:\Users\Cathy Peters\AppData\Local\CRE\liaonomjhndfhiipfagnmfmcenfhammp.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-13] (IvoSoft)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-16] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-16] (globalUpdate)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION)
R2 TosExtSvc; C:\Program Files (x86)\Toshiba\HDD Password Tool\TosExtSvc.exe [1630512 2013-03-07] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 70e6ca8c; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 ccSet_NAT; C:\Windows\system32\drivers\NATx64\0108000.020\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-03-19] ()
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R0 TosExt; C:\Windows\System32\Drivers\TosExt.sys [26416 2013-03-07] (TOSHIBA Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\CATHYP~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 15:09 - 2014-06-01 15:16 - 00000000 ____D () C:\FRST
2014-05-30 19:40 - 2014-05-30 19:40 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Macromedia
2014-05-30 19:38 - 2014-05-30 19:38 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Mozilla
2014-05-30 19:37 - 2014-05-30 19:37 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 19:37 - 2014-05-30 19:37 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 19:37 - 2014-05-30 19:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-30 19:37 - 2014-05-30 19:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-30 18:51 - 2014-05-30 18:51 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Oracle
2014-05-30 18:50 - 2014-05-30 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-30 18:50 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-05-30 18:50 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-30 18:50 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-30 18:50 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-30 18:49 - 2014-05-30 18:50 - 00004430 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-30 18:46 - 2014-05-30 18:46 - 00000053 _____ () C:\Users\Cathy Peters\Desktop\Home - Welcome to CenturyLink.URL
2014-05-30 18:42 - 2014-05-30 18:42 - 00001154 _____ () C:\Users\Cathy Peters\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-29 18:22 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-29 18:22 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-29 18:22 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-29 18:22 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-29 18:22 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-29 18:22 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-29 18:22 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-29 18:22 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-29 18:22 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-29 17:06 - 2014-05-30 16:11 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Cathy ready
2014-05-26 15:39 - 2014-05-26 15:39 - 00000000 ___RD () C:\Users\Cathy Peters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 20:45 - 2014-05-25 20:45 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Intel_Corporation
2014-05-24 08:18 - 2014-05-24 08:18 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Publisher
2014-05-21 14:14 - 2014-05-21 14:14 - 00003295 _____ () C:\Users\Cathy Peters\Desktop\jacquielawson.com password reminder.eml
2014-05-21 13:00 - 2014-05-21 13:00 - 00006144 _____ () C:\Users\Cathy Peters\Documents\Game Dayt.wps
2014-05-21 12:28 - 2014-05-21 12:28 - 00009728 _____ () C:\Users\Cathy Peters\Documents\Game Day 2014t.wps
2014-05-19 16:20 - 2014-05-24 08:13 - 00000000 ____D () C:\Program Files\OutfoxTV
2014-05-17 10:35 - 2014-05-24 18:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-17 10:35 - 2014-05-24 18:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-16 14:31 - 2014-05-16 14:31 - 00000000 ____D () C:\Users\Cathy Peters\Documents\Add-in Express
2014-05-16 14:31 - 2014-05-16 14:31 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\trustedshopper
2014-05-16 14:29 - 2014-05-16 14:29 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Apple Computer
2014-05-16 11:31 - 2014-06-01 14:31 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-05-16 11:31 - 2014-05-31 12:01 - 00000298 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-05-16 11:31 - 2014-05-30 23:36 - 00000988 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-16 11:31 - 2014-05-16 11:31 - 00003960 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-16 11:31 - 2014-05-16 11:31 - 00003214 _____ () C:\WINDOWS\System32\Tasks\SpeedUpMyPC Maintenance
2014-05-16 11:31 - 2014-05-16 11:31 - 00002518 _____ () C:\WINDOWS\System32\Tasks\SpeedUpMyPC Startup
2014-05-16 11:31 - 2014-05-16 11:31 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\com
2014-05-16 11:30 - 2014-05-31 12:01 - 00000984 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-16 11:30 - 2014-05-25 20:21 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-05-16 11:30 - 2014-05-25 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-05-16 11:30 - 2014-05-25 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-05-16 11:30 - 2014-05-25 19:57 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-05-16 11:30 - 2014-05-25 19:57 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-16 11:30 - 2014-05-16 11:37 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Activeris
2014-05-16 11:30 - 2014-05-16 11:30 - 00003724 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-16 11:30 - 2014-05-16 11:30 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\globalUpdate
2014-05-16 11:30 - 2012-09-26 19:03 - 00020480 _____ () C:\WINDOWS\system32\acrisnative64.exe
2014-05-15 22:04 - 2014-06-01 15:02 - 00000328 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_DEFAULT.job
2014-05-15 22:04 - 2014-06-01 15:01 - 00003144 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer
2014-05-15 22:04 - 2014-05-25 20:21 - 00000336 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_UPDATES.job
2014-05-15 22:04 - 2014-05-25 20:21 - 00000000 ____D () C:\Program Files (x86)\Fixila PC Optimizer
2014-05-15 22:04 - 2014-05-25 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fixila PC Optimizer
2014-05-15 22:04 - 2014-05-25 19:59 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Fixila
2014-05-15 22:04 - 2014-05-15 22:04 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer_UPDATES
2014-05-15 22:04 - 2014-05-15 22:04 - 00002910 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer_DEFAULT
2014-05-14 22:38 - 2014-05-14 22:38 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Put on DVD
2014-05-14 22:33 - 2013-10-15 16:03 - 00111488 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\THAccel.sys
2014-05-14 07:53 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 07:53 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 07:53 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 07:53 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 07:53 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 07:53 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 07:53 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 07:53 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 07:53 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 07:53 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 07:53 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 07:53 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 07:53 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 07:53 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 07:53 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 07:53 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 07:53 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 07:53 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 07:53 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 07:53 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 07:53 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 07:53 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 07:53 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 07:53 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 07:53 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 07:53 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 07:53 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 07:53 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 07:53 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 07:53 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 07:53 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 07:52 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 07:52 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-11 17:03 - 2014-05-11 17:03 - 00001152 _____ () C:\Users\Cathy Peters\Desktop\MyHeritage Family Tree Builder.lnk
2014-05-11 17:03 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) C:\WINDOWS\SysWOW64\HexUniRTFBox.ocx
2014-05-11 17:03 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) C:\WINDOWS\SysWOW64\PDFDocScout.DLL
2014-05-11 17:03 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2014-05-11 16:54 - 2014-05-11 16:55 - 36987832 _____ () C:\Users\Cathy Peters\Desktop\family_tree_builder_7137.exe
2014-05-10 21:51 - 2014-05-30 17:07 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\For Jean
2014-05-09 10:17 - 2014-05-09 10:17 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Diary
2014-05-08 09:36 - 2014-05-08 09:36 - 00000000 ____D () C:\Program Files (x86)\GUMC93A.tmp
2014-05-04 23:19 - 2014-06-01 14:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-04 23:19 - 2014-05-13 15:46 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-04 22:50 - 2014-05-04 22:51 - 00000000 ____D () C:\Program Files (x86)\Content Manager
2014-05-04 22:50 - 2014-05-04 22:50 - 00001957 _____ () C:\Users\Public\Desktop\Content Manager.lnk
2014-05-04 22:50 - 2014-05-04 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magellan Content Manager
2014-05-04 18:15 - 2014-05-04 18:15 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\IsolatedStorage
2014-05-04 15:21 - 2013-07-31 19:01 - 00070144 _____ () C:\Users\Cathy Peters\Desktop\one tree pg.pub

==================== One Month Modified Files and Folders =======

2014-06-01 15:16 - 2014-06-01 15:09 - 00000000 ____D () C:\FRST
2014-06-01 15:16 - 2013-10-30 00:40 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Temp
2014-06-01 15:15 - 2013-05-13 15:33 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7209074E-D1F7-46AE-BDFD-C3375B0D086B}
2014-06-01 15:02 - 2014-05-15 22:04 - 00000328 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_DEFAULT.job
2014-06-01 15:01 - 2014-05-15 22:04 - 00003144 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer
2014-06-01 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-01 14:46 - 2014-05-04 23:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-01 14:41 - 2013-05-10 16:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 14:34 - 2014-01-18 23:34 - 00000324 _____ () C:\WINDOWS\Tasks\SaveSense.job
2014-06-01 14:31 - 2014-05-16 11:31 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-06-01 14:16 - 2013-05-10 16:00 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4276984483-3895816767-3243404449-1001
2014-06-01 13:17 - 2013-10-30 01:07 - 01816641 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-01 13:06 - 2013-05-15 14:55 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\CrashDumps
2014-06-01 13:02 - 2013-05-15 15:35 - 00025086 _____ () C:\Users\Cathy Peters\AppData\Roaming\wklnhst.dat
2014-06-01 12:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-01 12:57 - 2013-05-10 15:52 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Packages
2014-05-31 20:53 - 2014-04-05 00:36 - 00221184 _____ () C:\Users\Cathy Peters\Documents\A Day in the Life of Cathy.wps
2014-05-31 20:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-05-31 12:03 - 2013-10-30 10:46 - 00000000 __RDO () C:\Users\Cathy Peters\SkyDrive
2014-05-31 12:02 - 2013-05-10 16:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 12:01 - 2014-05-16 11:31 - 00000298 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-05-31 12:01 - 2014-05-16 11:30 - 00000984 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-31 11:59 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 23:36 - 2014-05-16 11:31 - 00000988 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-30 19:40 - 2014-05-30 19:40 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Macromedia
2014-05-30 19:38 - 2014-05-30 19:38 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Mozilla
2014-05-30 19:38 - 2013-05-20 22:26 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Mozilla
2014-05-30 19:37 - 2014-05-30 19:37 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 19:37 - 2014-05-30 19:37 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 19:37 - 2014-05-30 19:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-30 19:37 - 2014-05-30 19:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-30 19:37 - 2013-11-09 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 19:08 - 2014-04-26 16:53 - 00000000 ____D () C:\Program Files\003
2014-05-30 19:08 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-30 19:02 - 2014-01-30 23:50 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-05-30 19:02 - 2014-01-26 14:08 - 00000000 ____D () C:\Program Files\Conduit
2014-05-30 19:02 - 2014-01-26 14:08 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-05-30 19:02 - 2013-06-21 19:24 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Conduit
2014-05-30 18:51 - 2014-05-30 18:51 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Oracle
2014-05-30 18:50 - 2014-05-30 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-30 18:50 - 2014-05-30 18:49 - 00004430 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-30 18:50 - 2014-03-04 21:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-30 18:50 - 2014-02-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-30 18:46 - 2014-05-30 18:46 - 00000053 _____ () C:\Users\Cathy Peters\Desktop\Home - Welcome to CenturyLink.URL
2014-05-30 18:42 - 2014-05-30 18:42 - 00001154 _____ () C:\Users\Cathy Peters\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:24 - 2013-05-20 22:26 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-05-30 18:13 - 2013-11-22 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-30 18:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-30 17:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-30 17:07 - 2014-05-10 21:51 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\For Jean
2014-05-30 16:11 - 2014-05-29 17:06 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Cathy ready
2014-05-29 18:25 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-29 18:25 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-29 18:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-29 18:25 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-29 18:24 - 2013-08-23 03:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-29 18:24 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-29 18:22 - 2013-05-11 21:07 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-29 18:11 - 2013-10-30 00:40 - 00000000 ____D () C:\Users\Cathy Peters
2014-05-29 18:10 - 2012-11-13 02:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-29 18:08 - 2012-11-13 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-05-29 17:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-05-29 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-05-26 15:39 - 2014-05-26 15:39 - 00000000 ___RD () C:\Users\Cathy Peters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 11:58 - 2014-01-05 01:36 - 00178688 _____ () C:\Users\Cathy Peters\Documents\Biography.wps
2014-05-25 20:45 - 2014-05-25 20:45 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Intel_Corporation
2014-05-25 20:32 - 2012-11-13 02:28 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-25 20:21 - 2014-05-16 11:30 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-05-25 20:21 - 2014-05-15 22:04 - 00000336 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_UPDATES.job
2014-05-25 20:21 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files (x86)\Fixila PC Optimizer
2014-05-25 20:18 - 2014-05-16 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-05-25 20:18 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fixila PC Optimizer
2014-05-25 20:18 - 2014-03-17 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Downloader
2014-05-25 20:18 - 2014-03-17 22:00 - 00000000 ____D () C:\Program Files (x86)\Video Downloader
2014-05-25 20:18 - 2014-01-08 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-05-25 19:59 - 2014-05-15 22:04 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Fixila
2014-05-25 19:58 - 2014-05-16 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-05-25 19:57 - 2014-05-16 11:30 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-05-25 19:57 - 2014-05-16 11:30 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-25 19:57 - 2012-11-13 02:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-25 13:06 - 2013-07-21 12:21 - 00000000 ____D () C:\Users\Cathy Peters\Documents\2012-2013
2014-05-24 20:05 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-24 18:42 - 2014-05-17 10:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-24 18:42 - 2014-05-17 10:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-24 18:42 - 2012-11-05 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-24 08:18 - 2014-05-24 08:18 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Publisher
2014-05-24 08:13 - 2014-05-19 16:20 - 00000000 ____D () C:\Program Files\OutfoxTV
2014-05-21 14:14 - 2014-05-21 14:14 - 00003295 _____ () C:\Users\Cathy Peters\Desktop\jacquielawson.com password reminder.eml
2014-05-21 13:00 - 2014-05-21 13:00 - 00006144 _____ () C:\Users\Cathy Peters\Documents\Game Dayt.wps
2014-05-21 12:28 - 2014-05-21 12:28 - 00009728 _____ () C:\Users\Cathy Peters\Documents\Game Day 2014t.wps
2014-05-21 12:27 - 2014-04-21 22:26 - 00006144 _____ () C:\Users\Cathy Peters\Documents\Untitled Document.wps
2014-05-19 16:22 - 2014-04-06 19:03 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-05-16 14:31 - 2014-05-16 14:31 - 00000000 ____D () C:\Users\Cathy Peters\Documents\Add-in Express
2014-05-16 14:31 - 2014-05-16 14:31 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\trustedshopper
2014-05-16 14:31 - 2014-01-17 23:53 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\cache
2014-05-16 14:31 - 2010-04-22 14:29 - 00000000 ____D () C:\Temp
2014-05-16 14:29 - 2014-05-16 14:29 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Apple Computer
2014-05-16 14:28 - 2014-03-14 21:48 - 00000000 _____ () C:\END
2014-05-16 11:37 - 2014-05-16 11:30 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Activeris
2014-05-16 11:31 - 2014-05-16 11:31 - 00003960 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-16 11:31 - 2014-05-16 11:31 - 00003214 _____ () C:\WINDOWS\System32\Tasks\SpeedUpMyPC Maintenance
2014-05-16 11:31 - 2014-05-16 11:31 - 00002518 _____ () C:\WINDOWS\System32\Tasks\SpeedUpMyPC Startup
2014-05-16 11:31 - 2014-05-16 11:31 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\com
2014-05-16 11:30 - 2014-05-16 11:30 - 00003724 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-16 11:30 - 2014-05-16 11:30 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\globalUpdate
2014-05-15 22:04 - 2014-05-15 22:04 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer_UPDATES
2014-05-15 22:04 - 2014-05-15 22:04 - 00002910 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer_DEFAULT
2014-05-14 22:38 - 2014-05-14 22:38 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Put on DVD
2014-05-14 22:34 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-14 22:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-14 22:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 11:26 - 2013-09-30 00:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-14 08:09 - 2013-05-10 16:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-13 15:46 - 2014-05-04 23:19 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-11 22:29 - 2013-05-13 17:31 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\MyHeritage
2014-05-11 17:17 - 2012-08-15 01:00 - 00000000 ____D () C:\Users\Cathy Peters\Documents\MyHeritage
2014-05-11 17:08 - 2012-11-05 20:01 - 00000000 ____D () C:\ProgramData\MyHeritage
2014-05-11 17:03 - 2014-05-11 17:03 - 00001152 _____ () C:\Users\Cathy Peters\Desktop\MyHeritage Family Tree Builder.lnk
2014-05-11 16:55 - 2014-05-11 16:54 - 36987832 _____ () C:\Users\Cathy Peters\Desktop\family_tree_builder_7137.exe
2014-05-09 10:17 - 2014-05-09 10:17 - 00000000 ____D () C:\Users\Cathy Peters\Desktop\Diary
2014-05-08 09:36 - 2014-05-08 09:36 - 00000000 ____D () C:\Program Files (x86)\GUMC93A.tmp
2014-05-08 09:36 - 2013-05-10 16:06 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 09:36 - 2013-05-10 16:06 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 15:02 - 2014-05-30 18:50 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 14:59 - 2014-05-30 18:50 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-07 14:59 - 2014-05-30 18:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-07 14:58 - 2014-05-30 18:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-06 00:40 - 2014-05-14 07:53 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-14 07:53 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-14 07:53 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 07:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-05 21:58 - 2013-12-25 23:48 - 00008192 _____ () C:\Users\Cathy Peters\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 23:19 - 2013-05-14 16:24 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Adobe
2014-05-04 22:51 - 2014-05-04 22:50 - 00000000 ____D () C:\Program Files (x86)\Content Manager
2014-05-04 22:50 - 2014-05-04 22:50 - 00001957 _____ () C:\Users\Public\Desktop\Content Manager.lnk
2014-05-04 22:50 - 2014-05-04 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magellan Content Manager
2014-05-04 22:50 - 2012-11-13 02:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-04 18:15 - 2014-05-04 18:15 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\IsolatedStorage

Some content of TEMP:
====================
C:\Users\Cathy Peters\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 12:21

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Cathy Peters at 2014-06-01 15:16:54
Running from C:\Users\Cathy Peters\Desktop\Put on DVD\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SanDiskSecureAccess_Manager.exe (HKCU\...\@@[email protected]@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1018 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.2.0000 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

30-05-2014 22:06:05 Removed TOSHIBA PC Health Monitor.

==================== Hosts content: ==========================

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00FA6CA7-AEE8-4730-821E-B7DFF69E5E74} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {04EEE087-CAB6-4EDC-8111-FE93A4DE68D1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05797393-8A37-4C55-B9D5-BDFBFCFC7942} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {07596424-A06D-41C2-B698-3D3CA40F74A7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D196EC3-47CD-4DE2-ADE2-B569CF75CC8E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-29] (Microsoft Corporation)
Task: {1662183D-95AD-4F62-A8BA-991D6EBB502F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {236DE648-099F-4C20-AA2C-A4E701DCF42B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {23BF5DA0-BBC4-4082-9E73-0EB130F3F67E} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - Cathy Peters => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2009-08-05] (Leader Technologies Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E0CFE34-E579-494F-A945-4C088F4BD376} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3B80543C-670A-473B-A38F-3BCA56760B1F} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-05-02] (Uniblue Systems Limited) <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4BE78ADC-332D-4A29-9F97-B88045D0A381} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {52078AC5-ABE7-437B-9CB3-34704954B516} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5AEE17EA-53FE-42C5-A6E8-1FCFA813C91C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-16] (globalUpdate) <==== ATTENTION
Task: {5FB7DEA3-1AE6-4D94-B616-C2E66CCEFC49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {62507364-998F-4452-90F2-188D5736E69C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {708FE394-60BA-4A15-8759-07A14026BA35} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4276984483-3895816767-3243404449-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {734D0BA7-1E86-4829-8248-DD4BF0B05FEB} - System32\Tasks\Fixila PC Optimizer_UPDATES => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe [2014-01-02] (Fixila PC Optimizer)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77082C64-7690-4A72-8060-A481E37CBFA3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79754D75-87F2-45AA-ADF9-0C0A7718AADB} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7CC1A3FA-32D3-4009-9BDC-8E3230302720} - System32\Tasks\SaveSense => C:\Users\CATHYP~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7D07A3E2-215B-4CCA-AB46-0B1B98782A6F} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-05-02] (Uniblue Systems Limited) <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E335A64-81EB-46BF-98F2-F81B30E39FFB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {942B6FCC-FBEF-41C0-A234-FB2A902E065F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5B92607-5FD5-4B31-9C61-A0720DB40161} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-16] (globalUpdate) <==== ATTENTION
Task: {CD1A994A-6CFD-4735-BD37-DA4E118FBD81} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {CFE7F9ED-4272-42AF-AF5E-BE4BDE1335CE} - System32\Tasks\Fixila PC Optimizer => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe [2014-01-02] (Fixila PC Optimizer)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E74D22C5-0A1F-4B67-A402-72A42B6E3255} - System32\Tasks\Fixila PC Optimizer_DEFAULT => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe [2014-01-02] (Fixila PC Optimizer)
Task: {E810A396-4022-4047-A72B-2EDB2A5301C0} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB10B40D-57B7-4993-A214-18E9F9D284A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {F74682ED-4FAF-40F9-B23C-20FA6B57FD98} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {FA536AE9-3036-45FB-9D20-210830FC9588} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Fixila PC Optimizer_DEFAULT.job => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\WINDOWS\Tasks\Fixila PC Optimizer_UPDATES.job => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\CATHYP~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-09-21 03:22 - 2013-09-21 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-05-04 22:50 - 2012-12-06 10:09 - 07375360 _____ () C:\Program Files (x86)\Content Manager\CmTray.exe
2013-07-05 00:25 - 2013-07-05 00:26 - 00169472 _____ () C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.14.0.19_neutral__1fgex2kbsn6g8\Spider.exe
2014-03-29 09:10 - 2014-03-29 09:10 - 00443392 _____ () C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_2.8.0.0_x86__8wekyb3d8bbwe\WordamentWin8.1.exe
2014-04-10 15:39 - 2014-04-10 15:40 - 00545280 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.3.1403.3117_x86__8wekyb3d8bbwe\Mahjong.exe
2013-05-13 17:06 - 2013-05-13 17:06 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-06-29 04:54 - 2011-06-29 04:56 - 11483264 _____ () C:\Users\Cathy Peters\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2014-05-04 22:50 - 2009-01-10 18:32 - 00011362 _____ () C:\Program Files (x86)\Content Manager\mingwm10.dll
2014-05-04 22:50 - 2009-06-23 02:42 - 00043008 _____ () C:\Program Files (x86)\Content Manager\libgcc_s_dw2-1.dll
2014-05-04 22:50 - 2012-01-06 14:53 - 02556416 _____ () C:\Program Files (x86)\Content Manager\QtCore4.dll
2014-05-04 22:50 - 2011-09-01 22:23 - 09933824 _____ () C:\Program Files (x86)\Content Manager\QtGui4.dll
2014-05-04 22:50 - 2011-09-01 21:53 - 01215488 _____ () C:\Program Files (x86)\Content Manager\QtNetwork4.dll
2014-05-04 22:50 - 2011-09-01 21:53 - 00271872 _____ () C:\Program Files (x86)\Content Manager\QtSql4.dll
2014-05-04 22:50 - 2011-09-01 21:49 - 00399360 _____ () C:\Program Files (x86)\Content Manager\QtXml4.dll
2014-05-04 22:50 - 2011-09-02 01:48 - 00478720 _____ () C:\Program Files (x86)\Content Manager\Plugins\sqldrivers\qsqlite4.dll
2013-03-11 12:03 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00552448 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\32988bernardozamora.spidersolitairehd_1fgex2kbsn6g8\AC\Microsoft\CLR_v4.0_32\NativeImages\Spider\0cddb1b28af5c3390e1df638116e3277\Spider.ni.exe
2014-04-27 20:12 - 2014-04-27 20:12 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-04-27 20:14 - 2014-04-27 20:14 - 01702400 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.Studios.Wordament_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\WordamentWin8.1\ed4dcfa5884a097e90e9b52562942eff\WordamentWin8.1.ni.exe
2014-04-27 20:14 - 2014-04-27 20:14 - 00094208 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.Studios.Wordament_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\WordamentStrings\3ad7ce7e83ce95bdb27263c9f9372ee3\WordamentStrings.ni.dll
2014-04-27 20:14 - 2014-04-27 20:14 - 00483840 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.Studios.Wordament_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 01916416 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Mahjong\2754c4c7cf85bd9cd5d586e9b242d700\Mahjong.ni.exe
2014-04-27 20:13 - 2014-04-27 20:13 - 00483840 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00122880 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\d37ff81949f545d76ed5cf78c0d9e8fb\Arkadium.ApplicationFramework.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 01758720 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\2f338f8a2419656937a3c951221f357c\Arkadium.DailyChallengeModule.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00169984 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\78ac0851afbd8e3a97b44acf7aba7e77\Arkadium.AchievementsModule.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00269312 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\ca4af367c2d09a8a4a3cdb05ca99cbcd\Arkadium.AwardsModule.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00322560 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\81c21ccd1862a26c32df63976ebd35d8\Arkadium.LeaderboardModule.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00660480 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\615d7a27addfede854ef28cf814a6b53\Arkadium.Advertisement.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00295936 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\5c68a509ee0219c4cc90802efcc0e32b\Arkadium.WindowsStoreModule.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00120320 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\3e1246728e5a834d1cd1bb0dd15834f3\Arkadium.Xaml.Toolkit.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00283136 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\9f7b50f99e16af67f2af8d0bb755d24b\Arkadium.CdnModule.ni.dll
2014-04-27 20:12 - 2014-04-27 20:12 - 00770560 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00227328 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
2014-04-27 20:13 - 2014-04-27 20:13 - 00041984 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll
2014-04-27 20:14 - 2014-04-27 20:14 - 00664576 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\MahjonggCla307edc05#\b9e3841a1a7ce9af864ee7d1436d36da\MahjonggClassicUIWin8_DP4.ni.dll
2014-04-27 20:14 - 2014-04-27 20:14 - 00012800 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\9ef21ae2ff95f96dcc5d7181d3ef82d5\Arkadium.SharpDXEngine.AudioLoader.ni.dll
2014-04-10 15:39 - 2014-04-10 15:40 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.3.1403.3117_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll
2014-04-27 20:14 - 2014-04-27 20:14 - 00022528 _____ () C:\Users\Cathy Peters\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\MicrosoftAd439beb82#\3ae6b196a24212e98acd65f0f976c8f2\MicrosoftAdvertising_MMPPF.ni.dll
2014-05-30 19:37 - 2014-05-06 22:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:4B2F39D3
AlternateDataStreams: C:\Users\Cathy\Desktop\2155 Cathy Peters, How to prevent PC problems with daily care...eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\2 pictures for you.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\AN ACT OF DISGUST.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\Fwd_ Frost Flowers.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\FYI.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\Re_ AN ACT OF DISGUST My Response.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\[New post] Across the Down Staircase.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\[New post] It All Works Out.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy\Documents\[New post] Two Thumbs Up.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy Peters\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Cathy Peters\Desktop\jacquielawson.com password reminder.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy Peters\Documents\AN ACT OF DISGUST.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy Peters\Documents\Fwd_ Frost Flowers.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy Peters\Documents\FYI.eml:OECustomProperty
AlternateDataStreams: C:\Users\Cathy Peters\Documents\Re_ AN ACT OF DISGUST My Response.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 01:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mahjong.exe, version: 1.1.0.0, time stamp: 0x53393eda
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53086d7c
Exception code: 0xc000027b
Fault offset: 0x000fb152
Faulting process id: 0x178c
Faulting application start time: 0xMahjong.exe0
Faulting application path: Mahjong.exe1
Faulting module path: Mahjong.exe2
Report Id: Mahjong.exe3
Faulting package full name: Mahjong.exe4
Faulting package-relative application ID: Mahjong.exe5

Error: (05/31/2014 07:09:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/31/2014 00:02:08 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/30/2014 10:01:26 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/30/2014 07:15:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FixilaPCOptimizer.exe version 1.0.18.2837 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 107c

Start Time: 01cf7c5c50cbf763

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe

Report Id: 5862b612-e850-11e3-bf50-008cfa41fd4b

Faulting package full name:

Faulting package-relative application ID:

Error: (05/30/2014 07:11:26 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/30/2014 06:12:18 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/29/2014 07:41:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/29/2014 06:28:33 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (05/29/2014 06:26:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 14.0.3.336, time stamp: 0x52fcd610
Faulting module name: WINHTTP.dll_unloaded, version: 6.3.9600.16384, time stamp: 0x521579c9
Exception code: 0xc0000005
Fault offset: 0x000021e5
Faulting process id: 0x6d0
Faulting application start time: 0xavguard.exe0
Faulting application path: avguard.exe1
Faulting module path: avguard.exe2
Report Id: avguard.exe3
Faulting package full name: avguard.exe4
Faulting package-relative application ID: avguard.exe5


System errors:
=============
Error: (05/31/2014 00:00:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (05/30/2014 07:56:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (05/30/2014 07:09:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (05/30/2014 06:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (05/30/2014 06:09:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (05/30/2014 06:09:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (05/30/2014 00:26:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fhsvc service.

Error: (05/29/2014 06:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (05/29/2014 06:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (05/29/2014 06:26:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-22 15:18:36.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-22 15:18:36.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-22 15:16:12.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-22 15:16:12.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-21 13:24:08.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-21 13:24:08.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-21 09:44:56.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-21 09:44:56.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-20 19:43:11.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-20 19:43:11.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 6028.22 MB
Available physical RAM: 3367.72 MB
Total Pagefile: 12172.22 MB
Available Pagefile: 8392.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI10657300D) (Fixed) (Total:454.14 GB) (Free:376.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

I hope you are there and this is correct. I am in my friends computer


  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I hope you are there and this is correct. I am in my friends computer


No worries, I'll be with you till we finish cleaning the computer. :thumbsup:

Let's get to work. :)



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findwi...CDECC}&serpv=22
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.mysearc...=1940348077&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1940348077&ir=
URLSearchHook: HKLM-x32 - Systweak Toolbar - {424e2f9c-eb5b-4b51-87e5-5831781bc515} - C:\Program Files (x86)\Systweak\prxtbSyst.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {03F415CC-6CCD-413A-B4A4-627DA7452B1C URL =
SearchScopes: HKLM - {540A905A-E2F6-5F02-08EC-535D8A78F003} URL = http://start.sweetpa...E-002713578B6D}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...=1940348077&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKLM-x32 - DefaultScope {03F415CC-6CCD-413A-B4A4-627DA7452B1C URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKLM-x32 - {03F415CC-6CCD-413A-B4A4-627DA7452B1C URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKLM-x32 - {1B86AFD3-35D5-5C90-EC69-5471B0E1B8F9} URL =
SearchScopes: HKLM-x32 - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...7-008CFA41FD4B}
SearchScopes: HKCU - DefaultScope {5B32698A-3BC2-4B7F-A3BB-A6021054DBF8} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.genieo...q={searchTerms}
SearchScopes: HKCU - {540A905A-E2F6-5F02-08EC-535D8A78F003} URL =
SearchScopes: HKCU - {5B32698A-3BC2-4B7F-A3BB-A6021054DBF8} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKCU - {6F22A46C-1D20-4875-9068-7F622835B13B} URL = http://start.mysearc...r=867455213&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...=1940348077&ir=
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL =
SearchScopes: HKCU - {CEF9A1DD-4657-419A-8ACE-68A4F709C7E1} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: No Name - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No File
BHO-x32: No Name - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
Toolbar: HKLM - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKLM - FindWide Toolbar - {CBC6E450-45FD-4299-A615-31323250B151} - C:\Program Files (x86)\TNT2\Profiles\10743\passport64.dll No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {424E2F9C-EB5B-4B51-87E5-5831781BC515} - No File
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-01-18]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKCU\...\Firefox\Extensions: [{af2c99b1-0bce-498b-a5d8-e08e0359cdac}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CATHYP~1\AppData\Local\mysearchdial-speeddial.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Cathy Peters\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Cathy Peters\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Cathy Peters\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Cathy Peters\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Cathy Peters\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [liaonomjhndfhiipfagnmfmcenfhammp] - C:\Users\Cathy Peters\AppData\Local\CRE\liaonomjhndfhiipfagnmfmcenfhammp.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Cathy Peters\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [edakhebdfmenljamaknlnnallmchcdei] - C:\Users\Cathy Peters\AppData\Local\CRE\edakhebdfmenljamaknlnnallmchcdei.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Cathy Peters\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Cathy Peters\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [lfoibgciimcbjkngfcdkebkgbecoeimf] - C:\Users\Cathy Peters\AppData\Local\CRE\lfoibgciimcbjkngfcdkebkgbecoeimf.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [liaonomjhndfhiipfagnmfmcenfhammp] - C:\Users\Cathy Peters\AppData\Local\CRE\liaonomjhndfhiipfagnmfmcenfhammp.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 70e6ca8c; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
c:\progra~2\optimi~1
S1 qknfd; system32\drivers\qknfd.sys [X]
2014-05-15 22:04 - 2014-06-01 15:02 - 00000328 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_DEFAULT.job
2014-05-15 22:04 - 2014-06-01 15:01 - 00003144 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer
2014-05-15 22:04 - 2014-05-25 20:21 - 00000336 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_UPDATES.job
2014-05-15 22:04 - 2014-05-25 20:21 - 00000000 ____D () C:\Program Files (x86)\Fixila PC Optimizer
2014-05-15 22:04 - 2014-05-25 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fixila PC Optimizer
2014-05-15 22:04 - 2014-05-25 19:59 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Fixila
2014-05-15 22:04 - 2014-05-15 22:04 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer_UPDATES
2014-05-15 22:04 - 2014-05-15 22:04 - 00002910 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer_DEFAULT
2014-06-01 15:02 - 2014-05-15 22:04 - 00000328 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_DEFAULT.job
2014-06-01 15:01 - 2014-05-15 22:04 - 00003144 _____ () C:\WINDOWS\System32\Tasks\Fixila PC Optimizer
2014-06-01 14:34 - 2014-01-18 23:34 - 00000324 _____ () C:\WINDOWS\Tasks\SaveSense.job
2014-05-30 19:02 - 2014-01-30 23:50 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-05-30 19:02 - 2014-01-26 14:08 - 00000000 ____D () C:\Program Files\Conduit
2014-05-30 19:02 - 2014-01-26 14:08 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-05-30 19:02 - 2013-06-21 19:24 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Local\Conduit
2014-05-30 18:24 - 2013-05-20 22:26 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-05-25 20:21 - 2014-05-15 22:04 - 00000336 _____ () C:\WINDOWS\Tasks\Fixila PC Optimizer_UPDATES.job
2014-05-25 20:21 - 2014-05-15 22:04 - 00000000 ____D () C:\Program Files (x86)\Fixila PC Optimizer
2014-05-25 20:18 - 2014-05-15 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fixila PC Optimizer
2014-05-25 20:18 - 2014-03-17 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Downloader
2014-05-25 20:18 - 2014-03-17 22:00 - 00000000 ____D () C:\Program Files (x86)\Video Downloader
2014-05-25 19:59 - 2014-05-15 22:04 - 00000000 ____D () C:\Users\Cathy Peters\AppData\Roaming\Fixila
2014-05-19 16:22 - 2014-04-06 19:03 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-05-16 14:28 - 2014-03-14 21:48 - 00000000 _____ () C:\END
C:\Users\Cathy Peters\AppData\Local\Temp\avgnt.exe
Task: {3B80543C-670A-473B-A38F-3BCA56760B1F} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-05-02] (Uniblue Systems Limited) <==== ATTENTION
Task: {734D0BA7-1E86-4829-8248-DD4BF0B05FEB} - System32\Tasks\Fixila PC Optimizer_UPDATES => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe [2014-01-02] (Fixila PC Optimizer)
Task: {79754D75-87F2-45AA-ADF9-0C0A7718AADB} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7CC1A3FA-32D3-4009-9BDC-8E3230302720} - System32\Tasks\SaveSense => C:\Users\CATHYP~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CFE7F9ED-4272-42AF-AF5E-BE4BDE1335CE} - System32\Tasks\Fixila PC Optimizer => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe [2014-01-02] (Fixila PC Optimizer)
C:\Program Files (x86)\Fixila PC Optimizer
Task: {E810A396-4022-4047-A72B-2EDB2A5301C0} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F74682ED-4FAF-40F9-B23C-20FA6B57FD98} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Fixila PC Optimizer_DEFAULT.job => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\WINDOWS\Tasks\Fixila PC Optimizer_UPDATES.job => C:\Program Files (x86)\Fixila PC Optimizer\FixilaPCOptimizer.exe
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\CATHYP~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
C:\Program Files (x86)\Uniblue
Task: {7D07A3E2-215B-4CCA-AB46-0B1B98782A6F} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-05-02] (Uniblue Systems Limited) <==== ATTENTION
Task: {3B80543C-670A-473B-A38F-3BCA56760B1F} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-05-02] (Uniblue Systems Limited) <==== ATTENTION
2014-05-25 19:58 - 2014-05-16 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-05-25 19:57 - 2014-05-16 11:30 - 00000000 ____D () C:\Program Files (x86)\Uniblue
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove."
  • Look for this item under the Registry tab: Key Found : HKCU\Software\AppDataLow\Software and Uncheck it.
  • Once you have unchecked that item, press the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Things I need to see in your next post:

Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log.

  • 0

#7
ctpchatty

ctpchatty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I just got back to my friends house and I am stopped because she have Avira Anti Virus and it does not how up in her programs.It does show up in her aps (I know nothing about Windows 8) but there is nowhere to uninstall or disable it Can you help


  • 0

#8
ctpchatty

ctpchatty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Unfortunatly my time is limited today. I cannot get back to this until tomorrow evening EDT. If you can tell me how to disable this Avira I found the folders in the Program files but it does not show up in the Aps just in the Programs. Unfortunately it does not show up in the uninstall area where I would take it out but I am unable to find the area  to do that. I now realize I will ever own a computer with Windows 8.


  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Unfortunatly my time is limited today. I cannot get back to this until tomorrow evening EDT. If you can tell me how to disable this Avira I found the folders in the Program files but it does not show up in the Aps just in the Programs. Unfortunately it does not show up in the uninstall area where I would take it out but I am unable to find the area  to do that. I now realize I will ever own a computer with Windows 8.


I don't want you to uninstall it, just disable it for the time being so the fixes can run without interference. :) To temporarily shut down Avira, please follow the instructions below:

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background icon.

Right click it-> untick the option AntiVir Guard enable.

You should now see a closed, white umbrella on a red background.

Once you have done this, please proceed with the rest of the instructions. :thumbsup:
  • 0

#10
ctpchatty

ctpchatty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I would like to thank you for your assistance. I have been happy with the knowledge and care that you guys give to me when I need the help.  My friend decided to take her computer to a shop that charged her a ton to clean it out. She wanted to pay me and I would not take any money so she felt bad about  taking my time to work on her computer.  You can close this ticket and again, thanks so much for your help.


  • 0

#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I would like to thank you for your assistance. I have been happy with the knowledge and care that you guys give to me when I need the help.  My friend decided to take her computer to a shop that charged her a ton to clean it out. She wanted to pay me and I would not take any money so she felt bad about  taking my time to work on her computer.  You can close this ticket and again, thanks so much for your help.


Ok, will do. :) You're quite welcome. :thumbsup:
  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP