STEP ONE:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 04-09-2014 14:38:28
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchProvider: Default -> Ask
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:43 - 2014-09-03 21:52 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 14:26 - 2014-09-03 14:27 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:12 - 2014-09-03 21:52 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:11 - 2014-09-04 14:39 - 00011003 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-02 13:11 - 2014-09-04 14:38 - 00000000 ____D () C:\FRST
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:13 - 2014-09-03 12:20 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-04 14:37 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-04 14:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-04 13:57 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 14:39 - 2014-09-02 13:11 - 00011003 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-04 14:38 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-04 14:37 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 14:37 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-04 14:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 14:37 - 2009-07-14 00:51 - 00074819 _____ () C:\Windows\setupact.log
2014-09-04 14:36 - 2012-04-04 21:02 - 01346267 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:17 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 14:05 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:05 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 13:58 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 13:57 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-04 13:57 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 13:57 - 2011-11-03 05:57 - 01460776 _____ () C:\Windows\PFRO.log
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:52 - 2014-09-03 21:43 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 21:52 - 2014-09-02 13:12 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-03 17:54 - 2014-09-03 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:02 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-03 14:27 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-03 12:20 - 2014-09-01 22:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 20:48 - 2009-07-14 01:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-02 20:46 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-09-02 20:32 - 2013-03-22 19:40 - 00012045 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-29 13:22
==================== End Of Log ============================
STEP 2:
Chrome setting changed from Default Google to ASK ... FYI I hate ASK
STEP 3:
AdwCleaner:
# AdwCleaner v3.309 - Report created 04/09/2014 at 13:57:19
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v19.0.2 (en-US)
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\prefs.js ]
-\\ Google Chrome v37.0.2062.103
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
*************************
AdwCleaner[R0].txt - [16305 octets] - [01/09/2014 21:32:03]
AdwCleaner[R1].txt - [1059 octets] - [04/09/2014 13:37:58]
AdwCleaner[R2].txt - [1120 octets] - [04/09/2014 13:52:32]
AdwCleaner[S0].txt - [16283 octets] - [01/09/2014 21:34:37]
AdwCleaner[S1].txt - [1188 octets] - [04/09/2014 13:57:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1248 octets] ##########
STEP 4: Junkware Removal Tool Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 09/04/2014 at 14:12:22.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/04/2014 at 14:33:48.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STEP 5: Avast
Turned on. Everything is good is what it reads. Rebooted. Still same.
STEP 6:
Reran FRST64.exe
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 04-09-2014 14:58:16
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchProvider: Default -> Ask
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:43 - 2014-09-03 21:52 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 14:26 - 2014-09-03 14:27 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:12 - 2014-09-03 21:52 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:11 - 2014-09-04 14:58 - 00011422 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-02 13:11 - 2014-09-04 14:58 - 00000000 ____D () C:\FRST
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:13 - 2014-09-03 12:20 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-04 14:37 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-04 14:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-04 13:57 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 14:58 - 2014-09-02 13:11 - 00011422 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-04 14:58 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-04 14:57 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 14:44 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:44 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:37 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 14:37 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-04 14:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 14:37 - 2009-07-14 00:51 - 00074819 _____ () C:\Windows\setupact.log
2014-09-04 14:36 - 2012-04-04 21:02 - 01349627 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:17 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 13:58 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 13:57 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-04 13:57 - 2011-11-03 05:57 - 01460776 _____ () C:\Windows\PFRO.log
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:52 - 2014-09-03 21:43 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 21:52 - 2014-09-02 13:12 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-03 17:54 - 2014-09-03 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:02 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-03 14:27 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-03 12:20 - 2014-09-01 22:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 20:48 - 2009-07-14 01:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-02 20:46 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-09-02 20:32 - 2013-03-22 19:40 - 00012045 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-29 13:22
==================== End Of Log ============================
Hope this helps.