
chrome.exe virus/malware [Solved]


  • This topic is locked

#1
rsw74

  • Member
  • 14 posts

Please help, for days now I have been trying to remove this. It kept showing up as a harmful webpage blocked by Avast. I purchased SpyHunter4 and scanned multiple times. No change. Updated Avast, re-scanned, no change. Uploaded AdwCleaner. No change. Attached are the notes from that:

 

# AdwCleaner v3.308 - Report created 01/09/2014 at 21:34:37
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42YG2JR7\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
[#] Service Deleted : servervo
Service Deleted : {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\MyPC Backup
[#] Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\wse_astromenda
Folder Deleted : C:\Users\Owner\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Owner\AppData\Roaming\pluswinks
Folder Deleted : C:\Users\Owner\AppData\Roaming\SpeedAnalysis2
Folder Deleted : C:\Users\Owner\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Smartbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\ValueApps
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
File Deleted : C:\Users\Owner\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\invalidprefs.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
Task Deleted : 92ccb0a1-3494-4164-b7af-81ee70dfd6b1
Task Deleted : d72b4289-c38e-422f-99c5-435c278cd362-4
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BRS]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKCU\Software\5b6d6dfbc38e417
Key Deleted : HKLM\SOFTWARE\5b6d6dfbc38e417
Key Deleted : HKCU\Software\Astromenda
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
 
*************************
 
AdwCleaner[R0].txt - [16305 octets] - [01/09/2014 21:32:03]
AdwCleaner[S0].txt - [15937 octets] - [01/09/2014 21:34:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15998 octets] ##########
 
Proceeded to run Junkware Removal Tool. No change: See attached notes: 
 
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 09/01/2014 at 21:42:10.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho2181.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8FC5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCBD9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEBD5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoECBD.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0048DA31-4ED9-4FF6-A075-D787D7487489}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4045707D-C0F6-4BE2-9FF4-AC3B4FCDDB04}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{51355A98-B095-429A-9EEE-D85A6B11268D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7C04C151-FB87-4BF6-8891-9FE006D89865}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BD96731C-C79D-462E-B6A1-5285F22D176F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DFA39B3A-BE50-4259-85C1-C443FF7DB827}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E99F7814-24F3-4650-9CBC-347C963DBBEE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F4C55943-48C3-4ADE-B3ED-28B8E8D527FC}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/01/2014 at 22:10:26.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Finally was able to uninstall the Idle Crawler (have been trying for days and it wouldn't allow). Please help, I am so frustrated and at a loss of what I can do. I really do not want to have to format this laptop. Please advise. Please and thank you.

 




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi rsw74,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....


First, please download Farbar Recovery Scan Tool 64bit and save it to your Desktop. If you don't download it to your desktop, please move the file to your desktop; this will make the work we will do with this tool much easier later on.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Next, download aswMBR.exe to your desktop. If you already have this application, this is a new version I need you to download. Again, if you don't download this to your desktop, please move it there before running the scan.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.

On completion of the scan click Save Log, save it to your desktop and post in your next reply

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please zip that file and attach it to a reply.


Things to reply with>>>>

  • Details on how your system is running / acting: all browsers? just one browser? etc.
  • The FRST.txt log text pasted in a reply post.
  • The Addition.txt log text pasted in a reply post.
  • The aswMBR.txt log pasted in a reply post.
  • Any questions you have.

#3
rsw74

  • Topic Starter
  • Member
  • 14 posts

Thank you for responding. I have no problem with you being a student; two eyes are always better than one.

Normally the laptop is always running or in sleep mode. Typically Google Chrome is the browser used and that is where the problems first started. In the Task Manager there shows (4) chrome.exe *32 running at any one time. Laptop has been very slow but is slowly starting to improve. Here are the logs as requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 02-09-2014 13:11:48
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\MountPoints2: {3808f2e2-3055-11e2-929f-c860002b2f61} - E:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ShopBuddy - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95} [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR DefaultSearchKeyword: Default -> BA76BDBA0DC0A69BBE2A63B7EC1070A0D3ED1A0432A83413A01D8147E7545948
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C
CHR DefaultSearchURL: Default -> FBD15F79EE25BD327B91CEC2749FBC1B7C9134B3F3BDD8AD3D0C046459B0298A
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-01]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S2 pZgHGiAO; "C:\ProgramData\pJxWIVRBLT\pZgHGiAO.exe" [X]
S2 scores; C:\Windows\score.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
U4 CltMngSvc; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 13:11 - 2014-09-02 13:12 - 00014095 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-02 13:11 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-01 22:13 - 2014-09-01 22:13 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-02 12:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-01 23:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 22:10 - 2014-09-01 22:10 - 00002118 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:36 - 2014-09-01 21:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Free Download Manager
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-01 22:16 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 14:20 - 2014-09-01 21:14 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-09-01 14:20 - 2014-09-01 14:20 - 00001069 _____ () C:\Users\Owner\Desktop\Free Download Manager.lnk
2014-09-01 14:20 - 2014-09-01 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-09-01 14:18 - 2014-09-01 14:18 - 00247160 _____ (Software Installer ) C:\Users\Owner\Downloads\Setup (1).exe
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00001119 _____ () C:\Users\Owner\Desktop\Continue Firefox Installation.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-02 12:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:43 - 2014-08-28 22:44 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:59 - 2014-08-28 21:59 - 00003098 _____ () C:\Windows\System32\Tasks\{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D}
2014-08-28 21:19 - 2014-08-28 21:19 - 00000046 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-08-28 20:16 - 2014-08-29 07:13 - 00000000 ____D () C:\ProgramData\pJxWIVRBLT
2014-08-28 20:13 - 2014-08-28 20:13 - 01510120 _____ () C:\Users\Owner\Downloads\Setup.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 13:12 - 2014-09-02 13:11 - 00014095 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-02 13:11 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-02 13:08 - 2012-04-04 21:02 - 01249514 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 13:04 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 13:04 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 12:57 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 12:57 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 12:57 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-02 12:57 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-02 12:57 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 12:57 - 2009-07-14 00:51 - 00074147 _____ () C:\Windows\setupact.log
2014-09-01 23:17 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 23:04 - 2013-03-22 19:40 - 00012049 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-01 22:57 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:16 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-01 22:16 - 2011-11-03 05:57 - 01454110 _____ () C:\Windows\PFRO.log
2014-09-01 22:13 - 2014-09-01 22:13 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 22:10 - 2014-09-01 22:10 - 00002118 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:39 - 2014-09-01 21:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Free Download Manager
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:14 - 2014-09-01 14:20 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 14:20 - 2014-09-01 14:20 - 00001069 _____ () C:\Users\Owner\Desktop\Free Download Manager.lnk
2014-09-01 14:20 - 2014-09-01 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-09-01 14:18 - 2014-09-01 14:18 - 00247160 _____ (Software Installer ) C:\Users\Owner\Downloads\Setup (1).exe
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00001119 _____ () C:\Users\Owner\Desktop\Continue Firefox Installation.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2014-08-28 20:16 - 00000000 ____D () C:\ProgramData\pJxWIVRBLT
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2014-08-28 22:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:59 - 2014-08-28 21:59 - 00003098 _____ () C:\Windows\System32\Tasks\{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D}
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 21:23 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-08-28 21:19 - 2014-08-28 21:19 - 00000046 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-08-28 20:13 - 2014-08-28 20:13 - 01510120 _____ () C:\Users\Owner\Downloads\Setup.exe
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Astroupdate.exe
C:\Users\Owner\AppData\Local\Temp\CloudBackup1157.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_AdwCleaner Download Manager.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 13:22
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-02 13:12:50
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
27-08-2014 03:28:44 Windows Update
28-08-2014 16:22:00 Windows Update
29-08-2014 02:43:11 Installed SpyHunter
01-09-2014 00:21:21 Installed RegHunter
01-09-2014 01:46:19 avast! antivirus system restore point
01-09-2014 02:03:09 avast! antivirus system restore point
02-09-2014 17:03:39 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00DE9F6B-8149-4BAA-8DE5-21338A8E2F05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {0DBB72A7-5ACA-47CB-83AD-24FF22E568EC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {38F12685-C77D-4E42-8F73-5D03AF5D6B3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software)
Task: {426E0069-18B3-4A26-A5EF-A0E8AD329D9F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {437BA437-19CA-48FC-93D1-0ACED3367759} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {4A668960-5F3B-4AAE-931D-A3994EF9656D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5835C90D-A734-4E80-AE02-E977AD248AC7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {740322F4-C38A-4EAE-94D0-482E63897210} - System32\Tasks\FGRun => C:\Users\Owner\AppData\Roaming\pack.exe
Task: {779B9285-A4CA-4F86-8583-2AF5351FF13A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {B864484C-BC61-43A4-8610-67BDE5A1DAF5} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {BC45C4C3-F8B6-411E-B096-C4842000112E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CD8E26DD-00CB-440E-8D94-0535E4AE228E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-01] (Adobe Systems Incorporated)
Task: {D4BDD540-B484-4948-93AD-A2ECF2BFB116} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {E4C22D49-D93A-492B-B10E-C480E148F81F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {EF315285-B3EC-4BBF-AE8E-CD39EF4FD0EA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-12-20 07:55 - 2011-07-26 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-31 22:04 - 2014-08-31 22:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-02 12:57 - 2014-09-02 12:57 - 02807296 _____ () C:\Program Files\AVAST Software\Avast\defs\14090200\algo.dll
2011-12-06 19:21 - 2011-12-06 19:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-31 22:04 - 2014-08-31 22:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libglesv2.dll
2014-09-01 22:13 - 2014-08-28 00:53 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libegl.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll
2014-09-01 22:13 - 2014-08-28 00:53 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ffmpegsumo.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (09/02/2014 00:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 00:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:20:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:17:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:17:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3873.14 MB
Available physical RAM: 2023.87 MB
Total Pagefile: 9680.32 MB
Available Pagefile: 7255.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:390.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-02 13:17:24
-----------------------------
13:17:24.072    OS Version: Windows x64 6.1.7601 Service Pack 1
13:17:24.072    Number of processors: 4 586 0x2A07
13:17:24.073    ComputerName: OWNER-PC  UserName: Owner
13:17:25.679    Initialize success
13:17:25.679    VM: initialized successfully
13:17:25.687    VM: Intel CPU supported virtualized 
13:17:31.009    VM: supported disk I/O iaStor.sys
13:17:34.525    AVAST engine defs: 14090200
13:18:01.890    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:18:01.896    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
13:18:02.058    VM: Disk 0 MBR read successfully
13:18:02.065    Disk 0 MBR scan
13:18:02.074    Disk 0 Windows 7 default MBR code
13:18:02.090    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
13:18:02.107    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       451338 MB offset 52430848
13:18:02.118    Disk 0 default boot code
13:18:02.186    Disk 0 scanning C:\Windows\system32\drivers
13:18:14.963    Service scanning
13:18:38.027    Modules scanning
13:18:38.049    Disk 0 trace - called modules:
13:18:38.119    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
13:18:38.131    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007009060]
13:18:38.141    3 CLASSPNP.SYS[fffff88001ca543f] -> nt!IofCallDriver -> [0xfffffa8004b70c50]
13:18:38.151    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b72050]
13:18:39.148    AVAST engine scan C:\Windows
13:18:41.888    AVAST engine scan C:\Windows\system32
13:21:51.823    AVAST engine scan C:\Windows\system32\drivers
13:22:09.003    AVAST engine scan C:\Users\Owner
13:24:13.161    File: C:\Users\Owner\Downloads\Setup (1).exe  **INFECTED** Win32:Adware-gen [Adw]
13:24:15.247    AVAST engine scan C:\ProgramData
13:25:01.359    Scan finished successfully
13:26:53.738    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Downloads\MBR.dat"
13:26:53.742    The log file has been saved successfully to "C:\Users\Owner\Downloads\aswMBR.txt"
 
 

#4
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi rsw74,

Thank you for the prompt reply with the logs. I have reviewed them and have the following steps to start cleaning your system.

First >>>>

Find the copy of FRST64.exe you ran to scan your system (it should be in your Downloads folder [C:\Users\Owner\Downloads]), right click on it, select Cut, right click on an empty spot on your Desktop and select Paste. This will move the file to your desktop which will make the other steps easier on both of us. I will remove the file from your desktop when the cleaning is finished.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\MountPoints2: {3808f2e2-3055-11e2-929f-c860002b2f61} - E:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: ShopBuddy - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95} [2014-07-10]
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95}
CHR DefaultSearchKeyword: Default -> BA76BDBA0DC0A69BBE2A63B7EC1070A0D3ED1A0432A83413A01D8147E7545948
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C
CHR DefaultSearchURL: Default -> FBD15F79EE25BD327B91CEC2749FBC1B7C9134B3F3BDD8AD3D0C046459B0298A
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-01]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 pZgHGiAO; "C:\ProgramData\pJxWIVRBLT\pZgHGiAO.exe" [X]
S2 scores; C:\Windows\score.exe [X]
C:\ProgramData\pJxWIVRBLT
C:\Windows\score.exe
U4 CltMngSvc; No ImagePath
2014-09-01 21:36 - 2014-09-01 21:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Free Download Manager
2014-09-01 14:20 - 2014-09-01 21:14 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-09-01 14:20 - 2014-09-01 14:20 - 00001069 _____ () C:\Users\Owner\Desktop\Free Download Manager.lnk
2014-09-01 14:20 - 2014-09-01 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-09-01 14:18 - 2014-09-01 14:18 - 00247160 _____ (Software Installer ) C:\Users\Owner\Downloads\Setup (1).exe
2014-08-28 22:43 - 2014-08-28 22:44 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-28 21:59 - 2014-08-28 21:59 - 00003098 _____ () C:\Windows\System32\Tasks\{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D}
2014-08-28 21:19 - 2014-08-28 21:19 - 00000046 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-08-28 20:16 - 2014-08-29 07:13 - 00000000 ____D () C:\ProgramData\pJxWIVRBLT
2014-08-28 20:13 - 2014-08-28 20:13 - 01510120 _____ () C:\Users\Owner\Downloads\Setup.exe
C:\Users\Owner\AppData\Local\Temp\Astroupdate.exe
C:\Users\Owner\AppData\Local\Temp\CloudBackup1157.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_AdwCleaner Download Manager.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {437BA437-19CA-48FC-93D1-0ACED3367759} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
C:\Users\Owner\AppData\Local\Temp\Runner.exe
Task: {5835C90D-A734-4E80-AE02-E977AD248AC7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {740322F4-C38A-4EAE-94D0-482E63897210} - System32\Tasks\FGRun => C:\Users\Owner\AppData\Roaming\pack.exe
C:\Users\Owner\AppData\Roaming\pack.exe
Task: {BC45C4C3-F8B6-411E-B096-C4842000112E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
EmptyTemp:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy the text and post it to your reply.


Second >>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here

Double Click on the mbam-setup.exe file to install the application.
  • When the installer asks, do not check Enable the Free Trial. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
  • Once the program has loaded and updated, select "Scan Now >>" to start the scan.
  • The scan may take some time to finish, so please be patient.
  • If any malware is found, you will be presented with a screen like the one below.
  • Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).
  • After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.
  • Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.
Things in your reply(s):
  • The Fixlog.txt log text pasted here
  • The MBAM scan log (if it finds anything or not)

#5
rsw74

    Member

  • Topic Starter
  • Member
  • 14 posts

I'm confused. Where am I saving these logs to so that I can fix? I have saved them to the desktop but what file should they be saved to? You said they should be in the same file.

 

Please help. Thank you


#6
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

If you are meaning the FRST64.exe program file and the Fixlist.txt text file then both of these files should be on the Desktop (same location but different files).

 

To recap what happens:

 

FRST64.exe - this PROGRAM file should be moved from the Downloads folder on to your PC's desktop (the desktop is the display that loads up when you have no programs running; in the bottom lefthand corner, the Windows Orb is displayed which you click to get the Start menu).

 

Fixlist.txt - this FILE is created by you when you save the Notepad text file with the information (text) in the Quote box above.  This file contains the 'instructions' for FRST64.exe to use to clean your PC.

 

When you run FRST64.exe AND click the Fix button, the program looks for a file named Fixlist.txt in the same location (file directory) as FRST64.exe is.  The program will not look anywhere else for this file.  So if both files (the PROGRAM file and the TEXT file) are on the Desktop then everything works without any searching or moving things at the last minute.  Does this help explain what happens better for you?


Edited by dbreeze, 03 September 2014 - 02:34 PM.

#7
rsw74

    Member

  • Topic Starter
  • Member
  • 14 posts

Fixlog: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-03 17:27:50 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\MountPoints2: {3808f2e2-3055-11e2-929f-c860002b2f61} - E:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: ShopBuddy - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95} [2014-07-10]
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95}
CHR DefaultSearchKeyword: Default -> BA76BDBA0DC0A69BBE2A63B7EC1070A0D3ED1A0432A83413A01D8147E7545948
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C
CHR DefaultSearchURL: Default -> FBD15F79EE25BD327B91CEC2749FBC1B7C9134B3F3BDD8AD3D0C046459B0298A
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-01]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-01]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 pZgHGiAO; "C:\ProgramData\pJxWIVRBLT\pZgHGiAO.exe" [X]
S2 scores; C:\Windows\score.exe [X]
C:\ProgramData\pJxWIVRBLT
C:\Windows\score.exe
U4 CltMngSvc; No ImagePath
2014-09-01 21:36 - 2014-09-01 21:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Free Download Manager
2014-09-01 14:20 - 2014-09-01 21:14 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-09-01 14:20 - 2014-09-01 14:20 - 00001069 _____ () C:\Users\Owner\Desktop\Free Download Manager.lnk
2014-09-01 14:20 - 2014-09-01 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-09-01 14:18 - 2014-09-01 14:18 - 00247160 _____ (Software Installer ) C:\Users\Owner\Downloads\Setup (1).exe
2014-08-28 22:43 - 2014-08-28 22:44 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-28 21:59 - 2014-08-28 21:59 - 00003098 _____ () C:\Windows\System32\Tasks\{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D}
2014-08-28 21:19 - 2014-08-28 21:19 - 00000046 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-08-28 20:16 - 2014-08-29 07:13 - 00000000 ____D () C:\ProgramData\pJxWIVRBLT
2014-08-28 20:13 - 2014-08-28 20:13 - 01510120 _____ () C:\Users\Owner\Downloads\Setup.exe
C:\Users\Owner\AppData\Local\Temp\Astroupdate.exe
C:\Users\Owner\AppData\Local\Temp\CloudBackup1157.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_AdwCleaner Download Manager.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {437BA437-19CA-48FC-93D1-0ACED3367759} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
C:\Users\Owner\AppData\Local\Temp\Runner.exe
Task: {5835C90D-A734-4E80-AE02-E977AD248AC7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {740322F4-C38A-4EAE-94D0-482E63897210} - System32\Tasks\FGRun => C:\Users\Owner\AppData\Roaming\pack.exe
C:\Users\Owner\AppData\Roaming\pack.exe
Task: {BC45C4C3-F8B6-411E-B096-C4842000112E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
EmptyTemp:
end
*****************
 
[904] C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe => Process closed successfully.
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe => No running process found
"HKU\S-1-5-21-4017879251-712517348-3191472780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3808f2e2-3055-11e2-929f-c860002b2f61}" => Key not found.
"HKCR\CLSID\{3808f2e2-3055-11e2-929f-c860002b2f61}" => Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk not found.
C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95} not found.
"C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\Extensions\{56008b14-f814-4e84-aef9-e284f2300b95}" => File/Directory not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
"C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn" => File/Directory not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf directory not found.
"C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
"HKCU\SOFTWARE\Policies\Google" => Key not found.
pZgHGiAO => Service not found.
scores => Service not found.
"C:\ProgramData\pJxWIVRBLT" => File/Directory not found.
"C:\Windows\score.exe" => File/Directory not found.
CltMngSvc => Service not found.
"C:\Users\Owner\AppData\Roaming\Free Download Manager" => File/Directory not found.
"C:\Program Files (x86)\Free Download Manager" => File/Directory not found.
"C:\Users\Owner\Desktop\Free Download Manager.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager" => File/Directory not found.
"C:\Users\Owner\Downloads\Setup (1).exe" => File/Directory not found.
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" => File/Directory not found.
"C:\Windows\System32\Tasks\{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D}" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\WB.CFG" => File/Directory not found.
"C:\ProgramData\pJxWIVRBLT" => File/Directory not found.
"C:\Users\Owner\Downloads\Setup.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Astroupdate.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\CloudBackup1157.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\ICReinstall_AdwCleaner Download Manager.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\optprosetup.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll" => File/Directory not found.
"HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
"HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{437BA437-19CA-48FC-93D1-0ACED3367759}" => Key not found.
C:\Windows\System32\Tasks\Test TimeTrigger not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key not found.
"C:\Users\Owner\AppData\Local\Temp\Runner.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5835C90D-A734-4E80-AE02-E977AD248AC7}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{740322F4-C38A-4EAE-94D0-482E63897210}" => Key not found.
C:\Windows\System32\Tasks\FGRun not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FGRun" => Key not found.
"C:\Users\Owner\AppData\Roaming\pack.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC45C4C3-F8B6-411E-B096-C4842000112E}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => Key not found.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/3/2014
Scan Time: 5:40:04 PM
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.03.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299783
Time Elapsed: 8 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.HQPure.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPureV1.8, , [ef556287f9825ed80512b642a2606c94], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlay-Air, , [de668960b6c562d44c10114849bbbc44], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-4017879251-712517348-3191472780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),,[81c3fdec7cff59dd0fc85f89ff0507f9]
 
Folders: 2
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\CT3289847, , [3e0634b5c2b9e155f349408c44beda26], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\CT3289847\toolbarImages, , [3e0634b5c2b9e155f349408c44beda26], 
 
Files: 2
PUP.Optional.RegCleanPro, C:\Users\Owner\Downloads\rcpsetupmapp3_mapp31278418us.exe, , [f1530cddd5a60b2b556afb39b050ed13], 
PUP.Optional.Searchqu.A, C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, , [ae968564e299dd593c67c9703bc944bc], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#8
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi rsw74,
 
The Fixlist script ran fine (those were the proper locations) but it looks like a few items were not found.  Can you run a fresh log scan with FRST64.exe and post both logs for me?

  • Right click the FRST file on your desktop and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
  • If the tool wants to update the version, please allow this to happen.
  • Please select the Addition option in the bottom of the main screen.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will also generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0
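The Fixlog posted in #7 reports most entries as "not found", which is what the reply in #8 picks up on. The sketch below is an added example, not part of the thread and not FRST's own code: it sorts Fixlog result lines by outcome so that changed, missing and manual-follow-up entries can be read at a glance. The sample is a constructed excerpt built from lines of that Fixlog, and the outcome labels and function names are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt: header, echoed fixlist and result lines taken from the Fixlog in post #7.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-03 17:27:50 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S2 scores; C:\Windows\score.exe [X]
C:\Windows\score.exe
EmptyTemp:
end
*****************

[904] C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe => Process closed successfully.
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe => No running process found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
pZgHGiAO => Service not found.
"C:\Windows\score.exe" => File/Directory not found.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
'''

# Ordered rules, first match wins. The phrases are the ones that appear in the
# Fixlog on this page; other FRST versions may word results differently.
RULES = [
    ("manual",         re.compile(r"can be used to fix", re.I)),
    ("process_closed", re.compile(r"closed successfully", re.I)),
    ("moved",          re.compile(r"moved successfully", re.I)),
    ("deleted",        re.compile(r"deleted successfully", re.I)),
    ("temp_cleared",   re.compile(r"^EmptyTemp: => Removed", re.I)),
    ("not_found",      re.compile(r"not found|No running process found", re.I)),
]
CHANGED = {"process_closed", "moved", "deleted", "temp_cleared"}


def classify(line):
    """Return this example's outcome label for one Fixlog result line."""
    for outcome, pattern in RULES:
        if pattern.search(line):
            return outcome
    return "unclassified"


def parse_fixlog(text):
    """Split a Fixlog into header info, echoed fixlist directives and results."""
    lines = text.splitlines()
    m = re.search(r"^Ran by .* Run:(\d+)\s*$", text, re.M)
    run = int(m.group(1)) if m else None  # Run:N field from the header line

    # The fixlist is echoed between two rows of asterisks; results follow the second row.
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist block found; is this a Fixlog?")
    directives = [l.strip() for l in lines[stars[0] + 1:stars[1]]
                  if l.strip() and l.strip().lower() not in ("start", "end")]

    results, reboot = [], False
    for raw in lines[stars[1] + 1:]:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if line.startswith("The system needed a reboot"):
            reboot = True
            continue
        results.append((classify(line), line))
    return {"run": run, "directives": directives, "results": results, "reboot": reboot}


def triage(parsed):
    """Summarise outcomes: what changed, what was missing, what needs manual work."""
    counts = Counter(outcome for outcome, _ in parsed["results"])
    total = sum(counts.values())
    return {
        "counts": dict(counts),
        "changed": [l for o, l in parsed["results"] if o in CHANGED],
        "manual": [l for o, l in parsed["results"] if o == "manual"],
        "unclassified": [l for o, l in parsed["results"] if o == "unclassified"],
        "not_found_ratio": round(counts["not_found"] / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    report = triage(parsed)
    print(f"Run: {parsed['run']}  reboot needed: {parsed['reboot']}")
    print("Outcome counts:", report["counts"])
    for line in report["manual"] + report["unclassified"]:
        print("REVIEW:", line)
```

Lines that land in `unclassified` are the ones to read by hand, since the rules only cover the result wording seen in this thread.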

#9
rsw74

    Member

  • Topic Starter
  • Member
  • 14 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Owner (administrator) on OWNER-PC on 03-09-2014 21:43:14
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 6D118E2F935E1C5729B7017D012BFD8A906D1042F33569F17D3BFBABD421F6C2
CHR DefaultSearchKeyword: Default -> BA76BDBA0DC0A69BBE2A63B7EC1070A0D3ED1A0432A83413A01D8147E7545948
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C
CHR DefaultSearchURL: Default -> FBD15F79EE25BD327B91CEC2749FBC1B7C9134B3F3BDD8AD3D0C046459B0298A
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 21:43 - 2014-09-03 21:43 - 00012300 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 14:26 - 2014-09-03 14:27 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:12 - 2014-09-02 13:13 - 00031583 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:11 - 2014-09-03 21:43 - 00000000 ____D () C:\FRST
2014-09-02 13:11 - 2014-09-03 13:54 - 00040296 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:13 - 2014-09-03 12:20 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-03 21:26 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-03 17:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 22:10 - 2014-09-01 22:10 - 00002118 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-03 12:25 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00001119 _____ () C:\Users\Owner\Desktop\Continue Firefox Installation.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-02 20:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 21:43 - 2014-09-03 21:43 - 00012300 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 21:43 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-03 21:26 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 21:26 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 21:26 - 2012-04-04 21:02 - 01307611 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 17:54 - 2014-09-03 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:40 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 17:40 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 17:33 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 17:33 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-03 17:32 - 2011-11-03 05:57 - 01460134 _____ () C:\Windows\PFRO.log
2014-09-03 17:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 17:32 - 2009-07-14 00:51 - 00074651 _____ () C:\Windows\setupact.log
2014-09-03 16:02 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-03 14:27 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:54 - 2014-09-02 13:11 - 00040296 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-03 12:25 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-03 12:20 - 2014-09-01 22:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 20:49 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 20:48 - 2009-07-14 01:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-02 20:46 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-09-02 20:32 - 2013-03-22 19:40 - 00012045 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:13 - 2014-09-02 13:12 - 00031583 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 22:10 - 2014-09-01 22:10 - 00002118 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00001119 _____ () C:\Users\Owner\Desktop\Continue Firefox Installation.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 13:22
 
==================== End Of Log ============================
 
A new Additional didn't pop up like last time, but this was the one in the folder with FRST64.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-02 13:12:50
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
27-08-2014 03:28:44 Windows Update
28-08-2014 16:22:00 Windows Update
29-08-2014 02:43:11 Installed SpyHunter
01-09-2014 00:21:21 Installed RegHunter
01-09-2014 01:46:19 avast! antivirus system restore point
01-09-2014 02:03:09 avast! antivirus system restore point
02-09-2014 17:03:39 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00DE9F6B-8149-4BAA-8DE5-21338A8E2F05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {0DBB72A7-5ACA-47CB-83AD-24FF22E568EC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {38F12685-C77D-4E42-8F73-5D03AF5D6B3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software)
Task: {426E0069-18B3-4A26-A5EF-A0E8AD329D9F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {437BA437-19CA-48FC-93D1-0ACED3367759} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {4A668960-5F3B-4AAE-931D-A3994EF9656D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5835C90D-A734-4E80-AE02-E977AD248AC7} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {740322F4-C38A-4EAE-94D0-482E63897210} - System32\Tasks\FGRun => C:\Users\Owner\AppData\Roaming\pack.exe
Task: {779B9285-A4CA-4F86-8583-2AF5351FF13A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {B864484C-BC61-43A4-8610-67BDE5A1DAF5} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {BC45C4C3-F8B6-411E-B096-C4842000112E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CD8E26DD-00CB-440E-8D94-0535E4AE228E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-01] (Adobe Systems Incorporated)
Task: {D4BDD540-B484-4948-93AD-A2ECF2BFB116} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {E4C22D49-D93A-492B-B10E-C480E148F81F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {EF315285-B3EC-4BBF-AE8E-CD39EF4FD0EA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-12-20 07:55 - 2011-07-26 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-31 22:04 - 2014-08-31 22:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-02 12:57 - 2014-09-02 12:57 - 02807296 _____ () C:\Program Files\AVAST Software\Avast\defs\14090200\algo.dll
2011-12-06 19:21 - 2011-12-06 19:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-31 22:04 - 2014-08-31 22:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libglesv2.dll
2014-09-01 22:13 - 2014-08-28 00:53 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libegl.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll
2014-09-01 22:13 - 2014-08-28 00:53 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ffmpegsumo.dll
2014-09-01 22:13 - 2014-08-28 00:54 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (09/02/2014 00:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 00:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:20:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:17:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/01/2014 10:17:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3873.14 MB
Available physical RAM: 2023.87 MB
Total Pagefile: 9680.32 MB
Available Pagefile: 7255.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:390.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10
rsw74


Sorry, disregard the last post. I'm a little sleepy and kinda brain farted on that last one. :)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Owner (administrator) on OWNER-PC on 03-09-2014 21:51:28
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 6D118E2F935E1C5729B7017D012BFD8A906D1042F33569F17D3BFBABD421F6C2
CHR DefaultSearchKeyword: Default -> BA76BDBA0DC0A69BBE2A63B7EC1070A0D3ED1A0432A83413A01D8147E7545948
CHR DefaultSearchProvider: Default -> 57964E7F4D8F6445AB9F80DF2EC01129845A9A501E5F28E261D82039000C949C
CHR DefaultSearchURL: Default -> FBD15F79EE25BD327B91CEC2749FBC1B7C9134B3F3BDD8AD3D0C046459B0298A
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 21:43 - 2014-09-03 21:51 - 00012132 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 14:26 - 2014-09-03 14:27 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:12 - 2014-09-02 13:13 - 00031583 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:11 - 2014-09-03 21:51 - 00000000 ____D () C:\FRST
2014-09-02 13:11 - 2014-09-03 13:54 - 00040296 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:13 - 2014-09-03 12:20 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-03 21:26 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-03 17:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 22:10 - 2014-09-01 22:10 - 00002118 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-03 12:25 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00001119 _____ () C:\Users\Owner\Desktop\Continue Firefox Installation.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-02 20:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 21:51 - 2014-09-03 21:43 - 00012132 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 21:51 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-03 21:26 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 21:26 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 21:26 - 2012-04-04 21:02 - 01307611 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 17:54 - 2014-09-03 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:40 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 17:40 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 17:33 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 17:33 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-03 17:32 - 2011-11-03 05:57 - 01460134 _____ () C:\Windows\PFRO.log
2014-09-03 17:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 17:32 - 2009-07-14 00:51 - 00074651 _____ () C:\Windows\setupact.log
2014-09-03 16:02 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-03 14:27 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:54 - 2014-09-02 13:11 - 00040296 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-03 12:25 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-03 12:20 - 2014-09-01 22:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 20:49 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 20:48 - 2009-07-14 01:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-02 20:46 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-09-02 20:32 - 2013-03-22 19:40 - 00012045 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:13 - 2014-09-02 13:12 - 00031583 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 22:10 - 2014-09-01 22:10 - 00002118 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00001119 _____ () C:\Users\Owner\Desktop\Continue Firefox Installation.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 13:22
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Owner at 2014-09-03 21:51:50
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.0 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017879251-712517348-3191472780-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
27-08-2014 03:28:44 Windows Update
28-08-2014 16:22:00 Windows Update
29-08-2014 02:43:11 Installed SpyHunter
01-09-2014 00:21:21 Installed RegHunter
01-09-2014 01:46:19 avast! antivirus system restore point
01-09-2014 02:03:09 avast! antivirus system restore point
02-09-2014 17:03:39 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00DE9F6B-8149-4BAA-8DE5-21338A8E2F05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {38F12685-C77D-4E42-8F73-5D03AF5D6B3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software)
Task: {426E0069-18B3-4A26-A5EF-A0E8AD329D9F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {4A668960-5F3B-4AAE-931D-A3994EF9656D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {66955FD2-C674-442A-91DB-689142BD0AF0} - \{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D} No Task File <==== ATTENTION
Task: {779B9285-A4CA-4F86-8583-2AF5351FF13A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-01] (Google Inc.)
Task: {B864484C-BC61-43A4-8610-67BDE5A1DAF5} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {CD8E26DD-00CB-440E-8D94-0535E4AE228E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-01] (Adobe Systems Incorporated)
Task: {D4BDD540-B484-4948-93AD-A2ECF2BFB116} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {E4C22D49-D93A-492B-B10E-C480E148F81F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {EF315285-B3EC-4BBF-AE8E-CD39EF4FD0EA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-12-20 07:55 - 2011-07-26 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-31 22:04 - 2014-08-31 22:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-03 12:14 - 2014-09-03 12:14 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\14090300\algo.dll
2011-12-06 19:21 - 2011-12-06 19:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-31 22:04 - 2014-08-31 22:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-03 12:19 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 12:19 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 12:19 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 12:19 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 12:19 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-09-03 12:19 - 2014-08-29 22:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2014 05:24:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 31.8.2014.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1154
 
Start Time: 01cfc7bcf96efd66
 
Termination Time: 16
 
Application Path: C:\Users\Owner\Desktop\FRST64.exe
 
Report Id: 7f2d4438-33b0-11e4-98ae-c860002b2f61
 
 
System errors:
=============
Error: (09/03/2014 05:27:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/03/2014 05:22:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/03/2014 05:22:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/03/2014 04:02:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/03/2014 04:02:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 08:48:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 08:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 08:34:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 08:34:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scores service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 00:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pZgHGiAO service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (09/03/2014 05:24:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe31.8.2014.2115401cfc7bcf96efd6616C:\Users\Owner\Desktop\FRST64.exe7f2d4438-33b0-11e4-98ae-c860002b2f61
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3873.14 MB
Available physical RAM: 2025.59 MB
Total Pagefile: 9680.32 MB
Available Pagefile: 7516.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:390.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================



#11
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi rsw74,

Don't worry about the logs double posting; we all have those kinds of days. :spoton:

I have looked at the Fixlog, the FRST & Addition and the Malwarebytes AM logs you posted. It looks as if this infection is a little more stubborn than first indicated but we will get it.  I know that this is a lot to do but we need to hit this infection fast; if you have any questions or something doesn't go as you think it should, please stop and come here for clarification of the matter until you understand. 

 

Also, until I can see the resulting logs and check them, can you limit your usage of this system as much as possible?  Thank you.

First >>>>

Download the attached fixlist.txt file and save it to the Desktop or Downloads (wherever you have FRST64.exe saved to).

File to download >> Attached File  Fixlist.txt   1.68KB   214 downloads

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Second >>>

Please fix the Chrome DefaultSearchProvider by doing the following:

Search Engines in Chrome - Search Engines are the search providers that your browser uses to search the web for whatever information you want searched for. Should malware change the browser's search engines to use the ones that benefit the malware writers more than they benefit you, you can change this setting back to remove the malicious search engines (usually referred to as search redirects).

1) Start Chrome and click on the Menu Button in the upper right hand corner of Chrome.

2) In the drop down menu, select Settings.

3) On the Settings page, look for the Search section and click on "Manage search engines ..."

4) On the window that opens, use your mouse to highlight the search engine you want and click on the option that shows in the highlight bar. You can make the focused line the Default Search engine to use all the time or delete that Search Engine from Chrome. In the picture below, one could choose to make Ask.com the Default Search engine by clicking on the words "Make Default" or one could delete the search engine by clicking on the X. Once you are finished making the changes you would like, click on the Done button on the bottom and then close the Settings tab.

SearchEnginessettings_zpse70f8fdf.jpg

Third >>>>

Please run a scan and clean with AdwCleaner ---

AdwCleaner by Xplode

Please delete the copy of AdwCleaner you have on your system now and download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Fourth>>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

Fifth>>>>

Please check your Avast! Free AntiVirus to see if it reports any problems. Some of the logs show that the AntiVirus is disabled and some files are not showing where I would think they should be. Please let me know what the Avast user interface (Avast main screen) tells you.

Sixth>>>>

A follow-up scan with FRST64

  • Right click on the FRST64.exe file and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
  • Allow the program to update if it says there is a new version.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Things I'd like to see next >>>>

  • The Fixlog.txt log text.
  • The AdwCleaner log text.
  • The JRT log text.
  • How did the Chrome reset go?
  • What did the Avast main screen say?
  • The latest FRST scan log (no need for Addition this time).


#12
rsw74


    Member

  • Topic Starter
  • Member
  • 14 posts

STEP ONE: 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 04-09-2014 14:38:28
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchProvider: Default -> Ask
CHR DefaultSearchURL: Default -> http://www.ask.com/web?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ss.ask.com/qu...rchTerms}&li=ff
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:43 - 2014-09-03 21:52 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 14:26 - 2014-09-03 14:27 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:12 - 2014-09-03 21:52 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:11 - 2014-09-04 14:39 - 00011003 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-02 13:11 - 2014-09-04 14:38 - 00000000 ____D () C:\FRST
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:13 - 2014-09-03 12:20 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-04 14:37 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-04 14:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-04 13:57 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 14:39 - 2014-09-02 13:11 - 00011003 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-04 14:38 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-04 14:37 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 14:37 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-04 14:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 14:37 - 2009-07-14 00:51 - 00074819 _____ () C:\Windows\setupact.log
2014-09-04 14:36 - 2012-04-04 21:02 - 01346267 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:17 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 14:05 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:05 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 13:58 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 13:57 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-04 13:57 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 13:57 - 2011-11-03 05:57 - 01460776 _____ () C:\Windows\PFRO.log
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:52 - 2014-09-03 21:43 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 21:52 - 2014-09-02 13:12 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-03 17:54 - 2014-09-03 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:02 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-03 14:27 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-03 12:20 - 2014-09-01 22:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 20:48 - 2009-07-14 01:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-02 20:46 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-09-02 20:32 - 2013-03-22 19:40 - 00012045 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 13:22
 
==================== End Of Log ============================
 
STEP 2: 
Chrome setting changed from Default Google to ASK ... FYI I hate ASK
 
STEP 3: 
AdwCleaner: 
# AdwCleaner v3.309 - Report created 04/09/2014 at 13:57:19
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [16305 octets] - [01/09/2014 21:32:03]
AdwCleaner[R1].txt - [1059 octets] - [04/09/2014 13:37:58]
AdwCleaner[R2].txt - [1120 octets] - [04/09/2014 13:52:32]
AdwCleaner[S0].txt - [16283 octets] - [01/09/2014 21:34:37]
AdwCleaner[S1].txt - [1188 octets] - [04/09/2014 13:57:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1248 octets] ##########
 
STEP 4: Junkware Removal Tool Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 09/04/2014 at 14:12:22.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/04/2014 at 14:33:48.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
STEP 5: Avast
Turned on. Everything is good is what it reads. Rebooted. Still the same.

STEP 6: 
Reran FRST64.exe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-PC on 04-09-2014 14:58:16
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default
FF Homepage: hxxp://www.google.com/
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchProvider: Default -> Ask
CHR DefaultSearchURL: Default -> http://www.ask.com/web?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ss.ask.com/qu...rchTerms}&li=ff
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:43 - 2014-09-03 21:52 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 14:26 - 2014-09-03 14:27 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:12 - 2014-09-03 21:52 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-02 13:11 - 2014-09-04 14:58 - 00011422 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-02 13:11 - 2014-09-04 14:58 - 00000000 ____D () C:\FRST
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:13 - 2014-09-03 12:20 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:12 - 2014-09-04 14:37 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 22:12 - 2014-09-04 14:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:31 - 2014-09-04 13:57 - 00000000 ____D () C:\AdwCleaner
2014-09-01 16:16 - 2014-09-01 21:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:26 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:04 - 2014-09-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 22:04 - 2014-08-31 22:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:59 - 2014-09-01 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-29 11:14 - 2014-09-01 11:34 - 00003127 _____ () C:\sh4_service.log
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-28 23:50 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-08-28 23:50 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:44 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-27 20:51 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:51 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:51 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:25 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:25 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:56 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:56 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:56 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:56 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:56 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:56 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:56 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:56 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:56 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 14:58 - 2014-09-02 13:11 - 00011422 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-09-04 14:58 - 2014-09-02 13:11 - 00000000 ____D () C:\FRST
2014-09-04 14:57 - 2013-11-02 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 14:44 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:44 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:37 - 2014-09-01 22:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 14:37 - 2012-04-04 21:20 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-04 14:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 14:37 - 2009-07-14 00:51 - 00074819 _____ () C:\Windows\setupact.log
2014-09-04 14:36 - 2012-04-04 21:02 - 01349627 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 14:34 - 2014-09-04 14:34 - 00000633 _____ () C:\Users\Owner\Downloads\JRT.txt
2014-09-04 14:33 - 2014-09-04 14:33 - 00000633 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-09-04 14:24 - 2014-09-04 14:24 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-09-04 14:17 - 2014-09-01 22:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 14:11 - 2014-09-04 14:11 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-09-04 13:58 - 2014-08-31 22:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 13:57 - 2014-09-01 21:31 - 00000000 ____D () C:\AdwCleaner
2014-09-04 13:57 - 2011-11-03 05:57 - 01460776 _____ () C:\Windows\PFRO.log
2014-09-04 13:37 - 2014-09-04 13:37 - 01370467 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-09-03 21:52 - 2014-09-03 21:43 - 00039844 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-03 21:52 - 2014-09-02 13:12 - 00032074 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-03 17:54 - 2014-09-03 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:50 - 2014-09-03 17:50 - 00002124 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.txt
2014-09-03 17:39 - 2014-09-03 17:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 17:39 - 2014-09-03 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:38 - 2014-09-03 17:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:02 - 2012-04-04 18:47 - 00000000 ___HD () C:\ASUS.DAT
2014-09-03 14:27 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved) (1).xlsx
2014-09-03 14:26 - 2014-09-03 14:26 - 00012045 _____ () C:\Users\Owner\Downloads\Passwords_RSW_(Autosaved).xlsx
2014-09-03 13:38 - 2014-09-03 13:38 - 02104832 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-03 12:26 - 2014-09-03 12:26 - 02136309 _____ () C:\Users\Owner\Desktop\Search.txt
2014-09-03 12:20 - 2014-09-01 22:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 20:48 - 2009-07-14 01:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-02 20:46 - 2013-03-22 19:40 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-09-02 20:32 - 2013-03-22 19:40 - 00012045 _____ () C:\Users\Owner\Documents\Passwords RSW (Autosaved).xlsx
2014-09-02 13:26 - 2014-09-02 13:26 - 00002209 _____ () C:\Users\Owner\Downloads\aswMBR.txt
2014-09-02 13:26 - 2014-09-02 13:26 - 00000512 _____ () C:\Users\Owner\Downloads\MBR.dat
2014-09-02 13:17 - 2014-09-02 13:17 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswmbr (1).exe
2014-09-02 13:16 - 2014-09-02 13:16 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-02 13:13 - 2014-09-02 13:13 - 00001202 _____ () C:\Users\Owner\Downloads\[Untitled] (1) - Shortcut.lnk
2014-09-02 13:09 - 2014-09-02 13:09 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 22:32 - 2013-11-02 12:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:32 - 2013-11-02 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 22:13 - 2014-09-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 22:13 - 2014-08-31 21:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-01 22:12 - 2014-09-01 22:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 21:37 - 2012-04-04 21:18 - 00002814 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-09-01 21:04 - 2014-09-01 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-01 11:34 - 2014-08-29 11:14 - 00003127 _____ () C:\sh4_service.log
2014-08-31 22:13 - 2012-04-04 21:18 - 00001501 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-31 22:09 - 2014-08-31 22:09 - 00284224 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-31 22:08 - 2014-08-31 22:08 - 00857696 _____ ( ) C:\Users\Owner\Downloads\Firefox_Setup.exe
2014-08-31 22:05 - 2014-08-31 22:05 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-31 22:05 - 2014-08-31 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 22:05 - 2014-08-31 22:04 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 22:04 - 2014-08-31 22:04 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 22:04 - 2014-08-31 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 22:04 - 2014-08-31 22:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 22:03 - 2014-08-31 22:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 22:03 - 2012-09-09 22:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-08-31 22:02 - 2014-08-31 22:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-31 21:45 - 2012-04-09 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-08-31 20:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 07:13 - 2014-08-29 07:13 - 00319923 _____ () C:\spyhunter.log
2014-08-29 07:13 - 2013-04-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-28 22:45 - 2014-08-28 22:45 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:44 - 2014-08-28 22:44 - 00002216 _____ () C:\Users\Owner\Desktop\SpyHunter.lnk
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\sh4ldr
2014-08-28 22:44 - 2014-08-28 22:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:41 - 2014-08-28 22:41 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2014-08-28 21:44 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-28 21:39 - 2012-04-04 18:48 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 12:40 - 2009-07-14 00:45 - 00410024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 22:07 - 2014-08-27 20:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 12:53 - 2012-04-09 13:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:42 - 2013-08-09 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:38 - 2012-04-08 00:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:24 - 2014-05-07 13:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 22:06 - 2014-08-15 16:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-04-04 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 13:22
 
==================== End Of Log ============================
 
Hope this helps. 

#13
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi rsw74,

The logs look really good but I need the Fixlog.txt log.  Is there one on your desktop from today?  The first step was to run a Fix script so I'm just wondering about that.  You can change the default on Chrome back to Google if you want; the last FRST log you posted yesterday showed that it was set to something bad.


#14
rsw74

    Member

  • Topic Starter
  • 14 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-04 13:32:16 Run:3
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
CHR HomePage: Default -> 6D118E2F935E1C5729B7017D012BFD8A906D1042F33569F17D3BFBABD421F6C2
CHR DefaultSearchKeyword: Default -> BA76BDBA0DC0A69BBE2A63B7EC1070A0D3ED1A0432A83413A01D8147E7545948
CHR DefaultSearchURL: Default -> FBD15F79EE25BD327B91CEC2749FBC1B7C9134B3F3BDD8AD3D0C046459B0298A
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
Task: {66955FD2-C674-442A-91DB-689142BD0AF0} - \{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D} No Task File <==== ATTENTION
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\CT3289847
C:\Users\Owner\Downloads\rcpsetupmapp3_mapp31278418us.exe 
C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} 
DeleteKey: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPureV1.8 
DeleteKey: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlay-Air 
Reg: reg add HKU\S-1-5-21-4017879251-712517348-3191472780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED /v Start_ShowSearch /t REG_DWORD /d 1 /f
Folder: C:\FRST
EmptyTemp:
end
 
*****************
 
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => value deleted successfully.
HKU\S-1-5-21-4017879251-712517348-3191472780-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66955FD2-C674-442A-91DB-689142BD0AF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66955FD2-C674-442A-91DB-689142BD0AF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC32EEB2-9C7D-4AC0-A225-CB87BCC6233D}" => Key deleted successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hb77kzgh.default\CT3289847 => Moved successfully.
"C:\Users\Owner\Downloads\rcpsetupmapp3_mapp31278418us.exe " => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} " => File/Directory not found.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPureV1.8  => Key not found.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlay-Air  => Key not found.
 
========= reg add HKU\S-1-5-21-4017879251-712517348-3191472780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED /v Start_ShowSearch /t REG_DWORD /d 1 /f =========
 
ERROR: The parameter is incorrect.
 
 
 
========= End of Reg: =========
 
 
========================= Folder: C:\FRST ========================
 
2014-09-01 21:04 - 2014-07-08 15:53 - 0030773 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio-input-compiled.js
2014-09-01 21:04 - 2014-07-08 15:53 - 0055089 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio-manager-compiled.js
2014-09-01 21:04 - 2014-07-08 15:53 - 0000276 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\background.html
2014-09-01 21:04 - 2014-07-08 15:53 - 0030427 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\content-bundle-compiled.js
2014-09-01 21:04 - 2014-07-08 15:53 - 0000237 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_.nmf
2014-09-01 21:04 - 2014-07-08 15:53 - 0000243 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_de.nmf
2014-09-01 21:04 - 2014-07-08 15:53 - 0000252 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_en-gb.nmf
2014-09-01 21:04 - 2014-07-08 15:53 - 0000243 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_fr.nmf
2014-09-01 21:04 - 2014-07-08 15:53 - 0000243 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_ru.nmf
2014-09-01 21:04 - 2014-09-01 21:04 - 0003007 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\manifest.json
2014-09-01 21:04 - 2014-07-08 15:53 - 0019510 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\options.css
2014-09-01 21:04 - 2014-07-08 15:53 - 0002691 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\options.html
2014-09-01 21:04 - 2014-07-08 15:53 - 0010942 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\options-compiled.js
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata
2014-09-01 21:04 - 2014-07-08 15:53 - 0004232 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata\verified_contents.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_
2014-09-01 21:04 - 2014-07-08 15:53 - 0273631 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_\hotword.data
2014-09-01 21:04 - 2014-07-08 15:53 - 0394688 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_\hotword-x86-64.nexe
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio
2014-09-01 21:04 - 2014-07-08 15:53 - 0008918 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\1_short_Open_16_16.wav
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images
2014-09-01 21:04 - 2014-07-08 15:53 - 0001067 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\error.png
2014-09-01 21:04 - 2014-07-08 15:53 - 0001909 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\hotword.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0003932 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\icon-128.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0000547 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\icon-16.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0001493 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\icon-48.png
2014-09-01 21:04 - 2014-07-08 15:53 - 0000482 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\mic-hotword.gif
2014-09-01 21:04 - 2014-07-08 15:53 - 0000524 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\mic-normal.gif
2014-09-01 21:04 - 2014-07-08 15:53 - 0001809 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\off.png
2014-09-01 21:04 - 2014-07-08 15:53 - 0001873 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\speech.png
2014-09-03 17:36 - 2014-09-03 17:36 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn
2014-09-03 17:36 - 2014-09-04 13:32 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0
2014-09-03 17:36 - 2014-07-08 15:53 - 0000175 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio_input.html
2014-09-03 17:36 - 2014-07-08 15:53 - 0030773 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio-input-compiled.js
2014-09-03 17:36 - 2014-07-08 15:53 - 0055089 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio-manager-compiled.js
2014-09-03 17:36 - 2014-07-08 15:53 - 0000276 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\background.html
2014-09-03 17:36 - 2014-07-08 15:53 - 0030427 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\content-bundle-compiled.js
2014-09-03 17:36 - 2014-07-08 15:53 - 0000237 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_.nmf
2014-09-03 17:36 - 2014-07-08 15:53 - 0000243 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_de.nmf
2014-09-03 17:36 - 2014-07-08 15:53 - 0000252 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_en-gb.nmf
2014-09-03 17:36 - 2014-07-08 15:53 - 0000243 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_fr.nmf
2014-09-03 17:36 - 2014-07-08 15:53 - 0000243 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\hotword_ru.nmf
2014-09-03 17:36 - 2014-09-03 17:36 - 0003007 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\manifest.json
2014-09-03 17:36 - 2014-07-08 15:53 - 0019510 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\options.css
2014-09-03 17:36 - 2014-07-08 15:53 - 0002691 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\options.html
2014-09-03 17:36 - 2014-07-08 15:53 - 0010942 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\options-compiled.js
2014-09-03 17:36 - 2014-09-04 13:32 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata
2014-09-03 17:36 - 2014-07-08 15:53 - 0004232 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata\verified_contents.json
2014-09-03 17:36 - 2014-09-03 17:36 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific
2014-09-03 17:36 - 2014-09-04 13:32 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_
2014-09-03 17:36 - 2014-07-08 15:53 - 0273631 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_\hotword.data
2014-09-03 17:36 - 2014-07-08 15:53 - 0394688 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_\hotword-x86-64.nexe
2014-09-03 17:36 - 2014-09-04 13:32 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio
2014-09-03 17:36 - 2014-07-08 15:53 - 0008918 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\1_short_Open_16_16.wav
2014-09-03 17:36 - 2014-09-04 13:32 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images
2014-09-03 17:36 - 2014-07-08 15:53 - 0001067 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\error.png
2014-09-03 17:36 - 2014-07-08 15:53 - 0001909 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\hotword.png
2014-09-03 17:36 - 2014-09-03 17:36 - 0003932 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\icon-128.png
2014-09-03 17:36 - 2014-09-03 17:36 - 0000547 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\icon-16.png
2014-09-03 17:36 - 2014-09-03 17:36 - 0001493 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\icon-48.png
2014-09-03 17:36 - 2014-07-08 15:53 - 0000482 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\mic-hotword.gif
2014-09-03 17:36 - 2014-07-08 15:53 - 0000524 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\mic-normal.gif
2014-09-03 17:36 - 2014-07-08 15:53 - 0001809 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\off.png
2014-09-03 17:36 - 2014-07-08 15:53 - 0001873 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images\speech.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
2014-09-01 21:04 - 2014-09-01 21:04 - 0005367 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\128.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0000499 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\16.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0001154 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\32.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0001872 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\48.png
2014-09-01 21:04 - 2014-09-01 21:04 - 0000817 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\manifest.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ar
2014-09-01 21:04 - 2014-09-01 21:04 - 0000327 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ar\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\bg
2014-09-01 21:04 - 2014-09-01 21:04 - 0000359 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\bg\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ca
2014-09-01 21:04 - 2014-09-01 21:04 - 0000322 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ca\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\cs
2014-09-01 21:04 - 2014-09-01 21:04 - 0000331 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\cs\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\da
2014-09-01 21:04 - 2014-09-01 21:04 - 0000316 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\da\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\de
2014-09-01 21:04 - 2014-09-01 21:04 - 0000307 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\de\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\el
2014-09-01 21:04 - 2014-09-01 21:04 - 0000377 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\el\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en
2014-09-01 21:04 - 2014-09-01 21:04 - 0000314 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en_GB
2014-09-01 21:04 - 2014-09-01 21:04 - 0000314 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en_GB\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en_US
2014-09-01 21:04 - 2014-09-01 21:04 - 0000314 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en_US\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\es
2014-09-01 21:04 - 2014-09-01 21:04 - 0000328 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\es\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\es_419
2014-09-01 21:04 - 2014-09-01 21:04 - 0000329 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\es_419\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\et
2014-09-01 21:04 - 2014-09-01 21:04 - 0000314 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\et\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fi
2014-09-01 21:04 - 2014-09-01 21:04 - 0000305 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fi\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fil
2014-09-01 21:04 - 2014-09-01 21:04 - 0000337 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fil\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fr
2014-09-01 21:04 - 2014-09-01 21:04 - 0000325 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fr\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\he
2014-09-01 21:04 - 2014-09-01 21:04 - 0000343 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\he\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hi
2014-09-01 21:04 - 2014-09-01 21:04 - 0000317 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hi\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hr
2014-09-01 21:04 - 2014-09-01 21:04 - 0000324 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hr\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hu
2014-09-01 21:04 - 2014-09-01 21:04 - 0000324 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hu\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\id
2014-09-01 21:04 - 2014-09-01 21:04 - 0000319 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\id\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\it
2014-09-01 21:04 - 2014-09-01 21:04 - 0000320 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\it\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ja
2014-09-01 21:04 - 2014-09-01 21:04 - 0000331 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ja\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ko
2014-09-01 21:04 - 2014-09-01 21:04 - 0000329 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ko\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\lt
2014-09-01 21:04 - 2014-09-01 21:04 - 0000333 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\lt\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\lv
2014-09-01 21:04 - 2014-09-01 21:04 - 0000328 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\lv\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\nl
2014-09-01 21:04 - 2014-09-01 21:04 - 0000323 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\nl\messages.json
2014-09-01 21:04 - 2014-09-01 21:04 - 0000000 ____D () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\no
2014-09-01 21:04 - 2013-03-27 19:53 - 0000300 _____ () C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\no\messages.json
 
====== End of Folder: ======
 
EmptyTemp: => Removed 359 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#15
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

How is your system running now?

 

I will go over the logs and return asap.  Thanks.

