Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something is eating up my disk space! Please help! [Closed]


  • This topic is locked This topic is locked

#16
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

OK- got it.  There are two logs.  This is the first:

-----

# AdwCleaner v3.309 - Report created 07/09/2014 at 14:48:23
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Paul\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Paul\AppData\Local\Conduit
Folder Found : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\Paul\AppData\LocalLow\AVG Secure Search
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [6866 octets] - [07/09/2014 14:48:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6926 octets] ##########
 
 
This is the second log:
------# AdwCleaner v3.309 - Report created 07/09/2014 at 14:50:17
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Paul\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Paul\AppData\Local\Conduit
Folder Deleted : C:\Users\Paul\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={4732B7DC-6BB2-4E73-ADC0-870C24FF9FE1}&mid=16c71a01e6aa47d0b1245fc49f541bcb-b97d9db78836825b1a61cfe456745ead38c47622&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-10-24 09:45:38&v=17.0.0.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=4CF3CB9C-B98B-4DBD-9CBF-6780840DE63E&n=780baa49&ind=2014030409&p2=^ZO^xdm005^YYA^ca&si=COahx96t-rwCFUVgMgodplMA6g
Deleted [Search Provider] : hxxp://careers.cooperators.ca/iSearch/Internet/Careers/query.html?la=en&charset=UTF-8&qt={searchTerms}&x=-1247&y=-56
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [7046 octets] - [07/09/2014 14:48:23]
AdwCleaner[S0].txt - [7597 octets] - [07/09/2014 14:50:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7657 octets] ##########

  • 0

Advertisements


#17
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Thanks Paul. 

 

I'm heading off now. I shall return with instructions for you tomorrow. 


  • 0

#18
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hi Paul, 
 
Your logs indicate that you have been running tools from your Downloads folder (Running from C:\Users\Paul\Downloads). All tools must be run directly on the Desktop from now on.
 
Do you recognise either file?

  • E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
  • E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
     
     

AVG has installed so much junk (for lack of a better word), that I would like you to completely uninstall the programme. 
 
STEP 1
x6JO0hXH.png.pagespeed.ic.PEMzZKYEz_.png Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • AVG 2014
    • AVG PC TuneUp 2014
    • U Browser 
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
eCJZn2A.png AVG Removal Tool

  • Please download AVG Remover (64bit) 2014 and save the file to your Desktop.
  • Double-click the icon, and follow the prompts. 
  • You will be prompted to reboot your computer. 
     

STEP 3
bRilsY4.png Install New Anti-Virus
Please download and install ONE of the Anti-Virus' listed below.

For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. What works for me may not work for you and your machine.
 
 
STEP 4
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Scan

  • Delete your current copy of FRST64.exe (Right-Click + Delete).
  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop << Important!
  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 5
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Do you recognise the files?
  • Did the programmes uninstall OK in Revo?
  • Did the AVG Removal Tool run OK?
  • Did you successfully install a new Anti-Virus?
  • FRST.txt
  • Addition.txt

  • 0

#19
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi Adam,

-  No- I don't recognize the two files you ask about.

- It looks like AVG has uninstalled although there are still shortcuts on my desktop.

-  AVG removal tool seems to have worked - although they seemed very sorry to see me go  :)

-  I've installed avast (thanks for the recommendation)

 

Here are the two logs:

___

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Paul (administrator) on PAUL-PC on 08-09-2014 19:17:48
Running from C:\Users\Paul\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\ProgramData\Avg_Update_0814tb\0814tb_{60393F9A-EA31-4BF1-A11A-05D2EE30410C}.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-09-08] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2984152052-1607329531-1161540839-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-2984152052-1607329531-1161540839-1000\...\Run: [AvgUpdater0814tb] => C:\ProgramData\Avg_Update_0814tb\0814tb_{60393F9A-EA31-4BF1-A11A-05D2EE30410C}.exe [2782744 2014-08-30] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC75D9B594240CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @carbon.getu.com/Conduit Update;version=3 -> C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll No File
FF Plugin HKCU: @carbon.getu.com/Conduit Update;version=9 -> C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-08]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://www.google.c...VLMe7rQG0-oDwCw", "hxxp://www.accuradio.com/#!/feat/mostpopular/"
CHR DefaultSearchKeyword: Default -> EB96864DC7313C426B89288B55908177B622E31B4EE1059836768864E77249FB
CHR DefaultSearchURL: Default -> https://mail.google....c=mailto&url=%s
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (avast! Online Security) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-08] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AE3000; C:\Windows\System32\DRIVERS\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-08] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-20] (AVG Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider)
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-08 19:17 - 2014-09-08 19:17 - 00013748 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-09-08 19:16 - 2014-09-08 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-08 19:16 - 2014-09-08 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\DropboxMaster
2014-09-08 19:15 - 2014-09-08 19:15 - 02105344 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-09-08 19:12 - 2014-09-08 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox
2014-09-08 19:12 - 2014-09-08 19:12 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVAST Software
2014-09-08 19:11 - 2014-09-08 19:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-08 19:11 - 2014-09-08 19:11 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 19:11 - 2014-09-08 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 19:10 - 2014-09-08 19:11 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1410217910770
2014-09-08 19:10 - 2014-09-08 19:10 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 19:10 - 2014-09-08 19:10 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 19:10 - 2014-09-08 19:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 19:08 - 2014-09-08 19:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 19:08 - 2014-09-08 19:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 19:05 - 2014-09-08 19:05 - 00000000 ____D () C:\Users\Paul\Desktop\Temp
2014-09-08 19:05 - 2014-09-08 19:04 - 04862664 _____ (AVAST Software) C:\Users\Paul\Desktop\avast_free_antivirus_setup_online (1).exe
2014-09-08 19:04 - 2014-09-08 19:04 - 04862664 _____ (AVAST Software) C:\Users\Paul\Downloads\avast_free_antivirus_setup_online (1).exe
2014-09-08 19:03 - 2014-09-08 19:03 - 04862664 _____ (AVAST Software) C:\Users\Paul\Downloads\avast_free_antivirus_setup_online.exe
2014-09-08 08:18 - 2014-09-08 08:18 - 00442131 _____ () C:\Users\Paul\Desktop\avgremover.log
2014-09-08 08:18 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Desktop\avg_remover_stf_x64_2014_4116.exe
2014-09-08 08:16 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-09-08 08:08 - 2014-09-08 08:08 - 00001268 _____ () C:\Users\Paul\Desktop\Revo Uninstaller.lnk
2014-09-08 08:08 - 2014-09-08 08:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 08:05 - 2014-09-08 08:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Paul\Downloads\revosetup.exe
2014-09-07 15:09 - 2014-09-07 15:09 - 00000624 _____ () C:\Users\Paul\Desktop\JRT.txt
2014-09-07 15:04 - 2014-09-07 15:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 14:55 - 2014-09-07 14:55 - 01016261 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2014-09-07 14:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-07 14:47 - 2014-09-07 14:50 - 00000000 ____D () C:\AdwCleaner
2014-09-07 14:47 - 2014-09-07 14:47 - 00001160 _____ () C:\Users\Paul\Desktop\AdwCleaner - Shortcut.lnk
2014-09-07 14:44 - 2014-09-07 14:44 - 01370467 _____ () C:\Users\Paul\Downloads\AdwCleaner.exe
2014-09-07 10:03 - 2014-09-07 10:03 - 00645729 _____ (WDS Team) C:\Users\Paul\Downloads\windirstat1_1_2_setup (1).exe
2014-09-07 09:55 - 2014-09-07 09:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Downloads\tdsskiller.exe
2014-09-07 09:50 - 2014-09-07 15:16 - 00028858 _____ () C:\Users\Paul\Downloads\Addition.txt
2014-09-07 09:49 - 2014-09-08 19:17 - 00000000 ____D () C:\FRST
2014-09-03 19:07 - 2014-09-03 19:07 - 05048584 _____ (JAM Software ) C:\Users\Paul\Downloads\TreeSizeFreeSetup.exe
2014-09-03 19:07 - 2014-09-03 19:07 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\JAM Software
2014-09-03 19:07 - 2014-09-03 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-09-03 19:07 - 2014-09-03 19:07 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-09-03 08:05 - 2014-09-08 08:19 - 00028476 _____ () C:\Windows\PFRO.log
2014-09-02 22:09 - 2014-09-02 22:10 - 00020720 _____ () C:\Users\Paul\Downloads\Black Magic Porter 10 gal (2).bsmx
2014-09-02 22:09 - 2014-09-02 22:09 - 00020993 _____ () C:\Users\Paul\Downloads\Black Magic Porter 10 gal (1).bsmx
2014-09-02 22:04 - 2014-09-02 22:08 - 00020720 _____ () C:\Users\Paul\Downloads\Black Magic Porter 10 gal.bsmx
2014-09-01 17:03 - 2014-09-07 10:37 - 00001035 _____ () C:\Users\Paul\Desktop\WinDirStat.lnk
2014-09-01 17:03 - 2014-09-01 17:03 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-09-01 17:03 - 2014-09-01 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-09-01 17:03 - 2014-09-01 17:03 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-09-01 17:02 - 2014-09-01 17:02 - 00645729 _____ (WDS Team) C:\Users\Paul\Downloads\windirstat1_1_2_setup.exe
2014-09-01 16:15 - 2014-09-08 08:19 - 00000448 _____ () C:\Windows\setupact.log
2014-09-01 16:15 - 2014-09-01 16:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 09:40 - 2014-09-08 18:56 - 00199812 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 09:36 - 2014-09-08 08:19 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-08-30 09:36 - 2014-08-30 09:36 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv
2014-08-30 09:36 - 2014-08-30 09:36 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel
2014-08-30 09:36 - 2014-08-30 09:36 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-08-30 09:35 - 2014-08-30 09:35 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-28 22:15 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 22:15 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 22:15 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 22:15 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-28 22:15 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-28 22:15 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-28 22:15 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-28 22:12 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 22:12 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 22:12 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-28 22:12 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 22:07 - 2014-08-28 22:07 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG
2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Local\AVG
2014-08-28 22:04 - 2014-08-28 22:07 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-28 22:04 - 2014-08-28 22:05 - 00000000 ____D () C:\ProgramData\AVG
2014-08-28 21:48 - 2014-08-28 21:48 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-08-28 21:47 - 2014-08-28 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-28 21:47 - 2014-08-28 21:47 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-28 21:47 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-28 21:47 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-28 21:47 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-28 21:47 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-28 21:47 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-28 21:47 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-28 21:47 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-28 21:47 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-28 21:47 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-28 21:47 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-28 21:47 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-28 21:47 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-28 21:47 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-28 21:47 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-28 21:47 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-28 21:47 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-28 21:45 - 2014-08-28 21:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-08-28 21:45 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-28 21:45 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-28 21:45 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-28 21:45 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-28 21:45 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-28 21:43 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-28 21:43 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-28 21:43 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-28 21:43 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-28 21:39 - 2014-08-28 21:39 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 21:39 - 2014-08-28 21:39 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 21:39 - 2014-08-28 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 21:39 - 2014-08-28 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 21:38 - 2014-08-28 21:38 - 04902336 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup417pro.exe
2014-08-28 21:38 - 2014-08-28 21:38 - 04902336 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup417pro (1).exe
2014-08-28 21:16 - 2014-08-28 21:16 - 01187960 _____ () C:\Users\Paul\Downloads\ProcessExplorer.zip
2014-08-28 17:11 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 17:11 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 17:11 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-28 17:11 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-28 17:11 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 17:11 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 17:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 17:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 17:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 17:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 17:09 - 2014-08-28 17:09 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-08-20 21:12 - 2014-08-20 21:12 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-20 21:08 - 2014-08-20 21:10 - 113492816 _____ (Apple Inc.) C:\Users\Paul\Downloads\iTunes64Setup (1).exe
2014-08-20 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-20 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-20 03:01 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-20 03:01 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-20 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-20 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-20 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-20 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 17:22 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 17:22 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 17:22 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 17:22 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 17:22 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 17:22 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 17:22 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 17:22 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 17:22 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 17:22 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 17:22 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 17:22 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 17:22 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 17:22 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:22 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 17:22 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 17:22 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:22 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 17:22 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:22 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:22 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:22 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:22 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:22 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:22 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 17:22 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:22 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:22 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:22 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:22 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:22 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:22 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:22 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:22 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:22 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:22 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 17:22 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:22 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:22 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:22 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:22 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:22 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:22 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:22 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:22 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:22 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:22 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:22 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:22 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 17:22 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:22 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:22 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 17:22 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 17:22 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 17:22 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 17:22 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 17:22 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 17:22 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 17:22 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 17:22 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 17:22 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 17:22 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 17:22 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 17:22 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 17:22 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 17:22 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 17:22 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 17:22 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 17:21 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-18 17:21 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 17:21 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-18 17:20 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 07:54 - 2014-08-14 07:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-13 21:58 - 2014-09-08 18:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 21:58 - 2014-08-14 07:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:58 - 2014-08-14 07:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-13 21:58 - 2014-08-14 07:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:57 - 2014-09-08 19:02 - 00000914 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job
2014-08-13 21:57 - 2014-09-08 08:19 - 00000862 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job
2014-08-13 21:57 - 2014-08-13 21:57 - 00640744 _____ (Conduit Inc.) C:\Users\Paul\Downloads\ubrowser.exe
2014-08-13 21:57 - 2014-08-13 21:57 - 00003882 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA
2014-08-13 21:57 - 2014-08-13 21:57 - 00003486 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core
2014-08-13 21:23 - 2014-08-13 21:23 - 00014780 _____ () C:\Users\Paul\Downloads\Final List  CEO Search Candidates Updated August 6 2014.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-08 19:17 - 2014-09-08 19:17 - 00013748 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-09-08 19:17 - 2014-09-07 09:49 - 00000000 ____D () C:\FRST
2014-09-08 19:16 - 2014-09-08 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-08 19:16 - 2014-09-08 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\DropboxMaster
2014-09-08 19:16 - 2014-09-08 19:12 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox
2014-09-08 19:15 - 2014-09-08 19:15 - 02105344 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-09-08 19:12 - 2014-09-08 19:12 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVAST Software
2014-09-08 19:12 - 2014-09-08 19:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-08 19:12 - 2012-06-05 09:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 19:11 - 2014-09-08 19:11 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 19:11 - 2014-09-08 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 19:11 - 2014-09-08 19:10 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1410217910770
2014-09-08 19:10 - 2014-09-08 19:10 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 19:10 - 2014-09-08 19:10 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 19:10 - 2014-09-08 19:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 19:10 - 2014-09-08 19:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 19:08 - 2014-09-08 19:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 19:08 - 2014-09-08 19:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 19:08 - 2012-06-05 09:55 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 19:05 - 2014-09-08 19:05 - 00000000 ____D () C:\Users\Paul\Desktop\Temp
2014-09-08 19:04 - 2014-09-08 19:05 - 04862664 _____ (AVAST Software) C:\Users\Paul\Desktop\avast_free_antivirus_setup_online (1).exe
2014-09-08 19:04 - 2014-09-08 19:04 - 04862664 _____ (AVAST Software) C:\Users\Paul\Downloads\avast_free_antivirus_setup_online (1).exe
2014-09-08 19:03 - 2014-09-08 19:03 - 04862664 _____ (AVAST Software) C:\Users\Paul\Downloads\avast_free_antivirus_setup_online.exe
2014-09-08 19:02 - 2014-08-13 21:57 - 00000914 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job
2014-09-08 19:00 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 19:00 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:56 - 2014-08-30 09:40 - 00199812 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 18:55 - 2014-08-13 21:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 08:23 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 08:19 - 2014-09-03 08:05 - 00028476 _____ () C:\Windows\PFRO.log
2014-09-08 08:19 - 2014-09-01 16:15 - 00000448 _____ () C:\Windows\setupact.log
2014-09-08 08:19 - 2014-08-30 09:36 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-09-08 08:19 - 2014-08-13 21:57 - 00000862 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job
2014-09-08 08:19 - 2013-10-24 09:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-08 08:19 - 2012-06-07 07:55 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-08 08:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 08:18 - 2014-09-08 08:18 - 00442131 _____ () C:\Users\Paul\Desktop\avgremover.log
2014-09-08 08:17 - 2012-12-09 11:39 - 00000000 ____D () C:\Users\Paul\Desktop\Paul's stuff
2014-09-08 08:16 - 2014-09-08 08:18 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Desktop\avg_remover_stf_x64_2014_4116.exe
2014-09-08 08:16 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-09-08 08:08 - 2014-09-08 08:08 - 00001268 _____ () C:\Users\Paul\Desktop\Revo Uninstaller.lnk
2014-09-08 08:08 - 2014-09-08 08:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 08:05 - 2014-09-08 08:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Paul\Downloads\revosetup.exe
2014-09-07 15:16 - 2014-09-07 09:50 - 00028858 _____ () C:\Users\Paul\Downloads\Addition.txt
2014-09-07 15:09 - 2014-09-07 15:09 - 00000624 _____ () C:\Users\Paul\Desktop\JRT.txt
2014-09-07 15:04 - 2014-09-07 15:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 14:55 - 2014-09-07 14:55 - 01016261 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2014-09-07 14:50 - 2014-09-07 14:47 - 00000000 ____D () C:\AdwCleaner
2014-09-07 14:47 - 2014-09-07 14:47 - 00001160 _____ () C:\Users\Paul\Desktop\AdwCleaner - Shortcut.lnk
2014-09-07 14:44 - 2014-09-07 14:44 - 01370467 _____ () C:\Users\Paul\Downloads\AdwCleaner.exe
2014-09-07 10:37 - 2014-09-01 17:03 - 00001035 _____ () C:\Users\Paul\Desktop\WinDirStat.lnk
2014-09-07 10:03 - 2014-09-07 10:03 - 00645729 _____ (WDS Team) C:\Users\Paul\Downloads\windirstat1_1_2_setup (1).exe
2014-09-07 09:55 - 2014-09-07 09:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Downloads\tdsskiller.exe
2014-09-07 09:18 - 2012-06-05 09:55 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 19:07 - 2014-09-03 19:07 - 05048584 _____ (JAM Software ) C:\Users\Paul\Downloads\TreeSizeFreeSetup.exe
2014-09-03 19:07 - 2014-09-03 19:07 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\JAM Software
2014-09-03 19:07 - 2014-09-03 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-09-03 19:07 - 2014-09-03 19:07 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-09-03 08:05 - 2012-10-14 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 22:10 - 2014-09-02 22:09 - 00020720 _____ () C:\Users\Paul\Downloads\Black Magic Porter 10 gal (2).bsmx
2014-09-02 22:10 - 2013-11-24 15:34 - 00000000 ____D () C:\Users\Paul\Documents\BeerSmith2
2014-09-02 22:09 - 2014-09-02 22:09 - 00020993 _____ () C:\Users\Paul\Downloads\Black Magic Porter 10 gal (1).bsmx
2014-09-02 22:08 - 2014-09-02 22:04 - 00020720 _____ () C:\Users\Paul\Downloads\Black Magic Porter 10 gal.bsmx
2014-09-02 21:59 - 2014-07-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-02 21:59 - 2014-05-04 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-09-01 17:38 - 2012-06-05 09:48 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore
2014-09-01 17:26 - 2014-03-15 18:49 - 00075264 _____ () C:\Users\Paul\Downloads\EZ_water_calculator_3.0.2.xls
2014-09-01 17:03 - 2014-09-01 17:03 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-09-01 17:03 - 2014-09-01 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-09-01 17:03 - 2014-09-01 17:03 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-09-01 17:02 - 2014-09-01 17:02 - 00645729 _____ (WDS Team) C:\Users\Paul\Downloads\windirstat1_1_2_setup.exe
2014-09-01 16:48 - 2013-03-30 14:42 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-01 16:15 - 2014-09-01 16:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 09:36 - 2014-08-30 09:36 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv
2014-08-30 09:36 - 2014-08-30 09:36 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel
2014-08-30 09:36 - 2014-08-30 09:36 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-08-30 09:35 - 2014-08-30 09:35 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-30 09:35 - 2009-07-14 00:45 - 00343720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:07 - 2014-08-28 22:07 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-08-28 22:07 - 2014-08-28 22:04 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG
2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Local\AVG
2014-08-28 22:05 - 2014-08-28 22:04 - 00000000 ____D () C:\ProgramData\AVG
2014-08-28 21:48 - 2014-08-28 21:48 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-28 21:48 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-28 21:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-28 21:47 - 2014-08-28 21:47 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-28 21:47 - 2014-08-28 21:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-08-28 21:47 - 2014-08-28 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-28 21:47 - 2014-08-28 21:47 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-28 21:47 - 2012-06-08 07:42 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-28 21:47 - 2012-06-05 09:55 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-08-28 21:45 - 2014-08-28 21:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-08-28 21:42 - 2013-07-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-28 21:42 - 2012-06-07 10:22 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 21:40 - 2013-03-02 16:46 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\FileZilla
2014-08-28 21:40 - 2012-06-05 13:44 - 00000000 ____D () C:\Windows\Panther
2014-08-28 21:39 - 2014-08-28 21:39 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 21:39 - 2014-08-28 21:39 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 21:39 - 2014-08-28 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 21:39 - 2014-08-28 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 21:38 - 2014-08-28 21:38 - 04902336 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup417pro.exe
2014-08-28 21:38 - 2014-08-28 21:38 - 04902336 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup417pro (1).exe
2014-08-28 21:16 - 2014-08-28 21:16 - 01187960 _____ () C:\Users\Paul\Downloads\ProcessExplorer.zip
2014-08-28 17:09 - 2014-08-28 17:09 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-08-22 22:07 - 2014-08-28 22:15 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 22:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 22:15 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:12 - 2014-08-20 21:12 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 21:12 - 2014-08-20 21:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-20 21:10 - 2014-08-20 21:08 - 113492816 _____ (Apple Inc.) C:\Users\Paul\Downloads\iTunes64Setup (1).exe
2014-08-20 03:00 - 2012-09-03 18:22 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-19 03:01 - 2012-06-07 09:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 03:00 - 2014-05-10 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 07:54 - 2014-08-14 07:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-14 07:54 - 2014-08-13 21:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 07:54 - 2014-08-13 21:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 07:54 - 2014-08-13 21:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:57 - 2014-08-13 21:57 - 00640744 _____ (Conduit Inc.) C:\Users\Paul\Downloads\ubrowser.exe
2014-08-13 21:57 - 2014-08-13 21:57 - 00003882 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA
2014-08-13 21:57 - 2014-08-13 21:57 - 00003486 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core
2014-08-13 21:23 - 2014-08-13 21:23 - 00014780 _____ () C:\Users\Paul\Downloads\Final List  CEO Search Candidates Updated August 6 2014.xlsx
2014-08-11 19:24 - 2012-06-08 07:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-11 19:24 - 2012-06-08 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-10 22:59 - 2012-06-08 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppefndd.dll
C:\Users\Paul\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Paul\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Paul\AppData\Local\Temp\SDShelEx-x64.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-07 09:15
 
==================== End Of Log ============================
 
Addition Log
______________
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Paul at 2014-09-08 19:18:07
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11 USB Wireless LAN Adapter (HKLM\...\SiS163u) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
TreeSize Free V3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.1 - JAM Software)
UFile 2011 (HKLM-x32\...\{7C8626FA-408B-4A90-9EDC-9D128ABD61F8}) (Version: 15.20.0000 - Logiciel Dr Tax Software Inc.)
UFile 2012 (HKLM-x32\...\{AF54F043-62F9-47AB-A2B2-795CD1EA4C56}) (Version: 16.20.0000 - Logiciel Dr Tax Software Inc.)
UFile 2013 (HKLM-x32\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2011 (HKLM-x32\...\{7087457A-98F4-4F77-967D-0685C8F18308}) (Version: 7.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2012 (HKLM-x32\...\{EBD3E558-C070-474B-9CC5-CBCA7147EB25}) (Version: 8.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2013 (HKLM-x32\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2984152052-1607329531-1161540839-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2984152052-1607329531-1161540839-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2984152052-1607329531-1161540839-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2984152052-1607329531-1161540839-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
08-09-2014 23:08:41 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03F58B9C-F065-4331-9E35-D375C6203174} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {170867FD-BA56-48D1-9549-4FFF6FA36ADE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {22EBD12D-8BF0-45D4-90A8-6C3E6326BFE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
Task: {38D5A793-C75A-42AB-8166-C50038F40CD4} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {3BED2F64-6857-42BB-984A-C88918027E4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {3D3A102E-260C-406E-8F88-FBBCCCF2127D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-08] (AVAST Software)
Task: {4F63E26C-B0C6-4847-8214-8931721F91F1} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {515C7140-3835-4413-A429-A09C7F6378B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {51EAA8C3-28D4-4C03-9052-6246AD91000C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60D78D57-C81C-452F-A8CF-D92CB8397071} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {62C9DC59-BF3D-404D-ADCE-000CA97DE420} - System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe <==== ATTENTION
Task: {676246FF-4E0B-4E03-8438-B529F7FF7135} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {78F067B0-DF11-4227-81D8-4D347ED631DB} - System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe <==== ATTENTION
Task: {82C57E27-6DC5-4470-B096-5A8160A43D03} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {85C61C19-ED33-44CC-A328-F3E3E367B05A} - System32\Tasks\{FAA11315-9B99-4DA8-8FD8-AF8736A9BFBC} => E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
Task: {C5D93A93-539C-4D4E-BA95-DEB3E62C7951} - System32\Tasks\{5358AAF0-9069-46AA-A29C-60D6F349D21F} => E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
Task: {D62B05E6-17DF-4D67-8E37-AE9314CAF5C2} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {DCDCE87B-00D5-4B7F-8182-B506216125D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05] (Google Inc.)
Task: {F1884C8A-3064-43A9-99D9-9DE61C1DE372} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe
Task: C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-03 05:30 - 2010-11-03 05:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2010-12-01 22:15 - 2010-12-01 22:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
2012-06-06 05:45 - 2010-10-21 05:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2013-03-30 14:42 - 2012-03-28 08:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-06-05 09:58 - 2011-04-14 22:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-30 09:35 - 2014-08-30 09:35 - 02782744 _____ () C:\ProgramData\Avg_Update_0814tb\0814tb_{60393F9A-EA31-4BF1-A11A-05D2EE30410C}.exe
2014-04-14 15:41 - 2014-04-14 15:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-06 05:44 - 2014-09-08 08:19 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2012-06-06 05:44 - 2010-06-28 22:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2012-06-06 05:46 - 2011-03-04 04:33 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-06-06 05:46 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2012-06-06 05:44 - 2010-08-22 22:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
2012-06-06 05:45 - 2010-12-02 17:28 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-06-06 05:45 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-06-06 05:45 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-06-06 05:45 - 2011-03-09 14:55 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2012-06-06 05:45 - 2010-11-19 10:53 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2012-06-06 05:45 - 2011-03-11 19:53 - 01257472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-06-06 05:45 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2012-06-06 05:45 - 2010-09-27 20:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-06-06 05:45 - 2010-09-27 20:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-06-06 05:45 - 2010-11-19 10:55 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-06-06 05:45 - 2010-08-06 18:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-06-06 05:45 - 2010-08-06 18:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-06-06 05:45 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2014-09-08 19:10 - 2014-09-08 19:10 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-08 19:10 - 2014-09-08 19:10 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090802\algo.dll
2014-09-08 19:10 - 2014-09-08 19:10 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-29 17:59 - 2012-11-29 17:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-09-07 09:18 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-07 09:18 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-07 09:18 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-07 09:18 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-07 09:18 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-09-07 09:18 - 2014-08-29 22:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2014 07:07:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x97c
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (09/08/2014 08:21:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2014 05:08:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9235
 
Error: (09/07/2014 05:08:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9235
 
Error: (09/07/2014 05:08:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/07/2014 05:08:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8174
 
Error: (09/07/2014 05:08:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8174
 
Error: (09/07/2014 05:08:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/07/2014 05:08:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (09/07/2014 05:08:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
 
System errors:
=============
Error: (09/08/2014 08:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 
%%2
 
Error: (09/07/2014 03:40:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (09/08/2014 07:07:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e097c01cfcbb7f707250aC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllf98a5972-37ac-11e4-9521-14dae93a015d
 
Error: (09/08/2014 08:21:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2014 05:08:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9235
 
Error: (09/07/2014 05:08:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9235
 
Error: (09/07/2014 05:08:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/07/2014 05:08:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8174
 
Error: (09/07/2014 05:08:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8174
 
Error: (09/07/2014 05:08:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/07/2014 05:08:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (09/07/2014 05:08:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 8104.32 MB
Available physical RAM: 6263 MB
Total Pagefile: 16206.81 MB
Available Pagefile: 13963.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.8 GB) (Free:1.42 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:0.46 GB) (Free:0.03 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 6B43DBAB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 476 MB) (Disk ID: 8937518C)
Partition 1: (Active) - (Size=476 MB) - (Type=0E)
 
==================== End Of Log ============================

  • 0

#20
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hi Paul, 

Did you create this folder? C:\Users\Paul\Desktop\Temp
 
Please provide an update on your computer after performing the steps below. Are any there outstanding issues?
How much free space is there on your HDD? 
 
 
STEP 1
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-21-2984152052-1607329531-1161540839-1000\...\Run: [AvgUpdater0814tb] => C:\ProgramData\Avg_Update_0814tb\0814tb_{60393F9A-EA31-4BF1-A11A-05D2EE30410C}.exe [2782744 2014-08-30] ()
    FF Plugin HKCU: @carbon.getu.com/Conduit Update;version=3 -> C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll No File
    FF Plugin HKCU: @carbon.getu.com/Conduit Update;version=9 -> C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll No File
    C:\Users\Paul\AppData\Local\Conduit
    CHR StartupUrls: Default -> "https://www.google.c...VLMe7rQG0-oDwCw", "hxxp://www.accuradio.com/#!/feat/mostpopular/"
    CHR Plugin: (AVG Internet Security) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll No File
    S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    C:\Program Files (x86)\Common Files\AVG Secure Search
    2014-09-08 08:18 - 2014-09-08 08:18 - 00442131 _____ () C:\Users\Paul\Desktop\avgremover.log
    2014-09-08 08:18 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Desktop\avg_remover_stf_x64_2014_4116.exe
    2014-09-08 08:16 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Downloads\avg_remover_stf_x64_2014_4116.exe
    2014-08-30 09:36 - 2014-09-08 08:19 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
    2014-08-30 09:36 - 2014-08-30 09:36 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv
    2014-08-30 09:36 - 2014-08-30 09:36 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel
    2014-08-30 09:36 - 2014-08-30 09:36 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
    2014-08-30 09:35 - 2014-08-30 09:35 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
    2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG
    2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Local\AVG
    2014-08-28 22:04 - 2014-08-28 22:05 - 00000000 ____D () C:\ProgramData\AVG
    2014-09-08 08:19 - 2013-10-24 09:45 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-09-08 08:19 - 2012-06-07 07:55 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-08-13 21:57 - 2014-09-08 19:02 - 00000914 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job
    2014-08-13 21:57 - 2014-09-08 08:19 - 00000862 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job
    2014-08-13 21:57 - 2014-08-13 21:57 - 00640744 _____ (Conduit Inc.) C:\Users\Paul\Downloads\ubrowser.exe
    2014-08-13 21:57 - 2014-08-13 21:57 - 00003882 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA
    2014-08-13 21:57 - 2014-08-13 21:57 - 00003486 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core
    2014-08-20 03:00 - 2012-09-03 18:22 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    C:\Program Files (x86)\AVG Security Toolbar
    Task: {4F63E26C-B0C6-4847-8214-8931721F91F1} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
    Task: {62C9DC59-BF3D-404D-ADCE-000CA97DE420} - System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe <==== ATTENTION
    Task: {78F067B0-DF11-4227-81D8-4D347ED631DB} - System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe <==== ATTENTION
    Task: {85C61C19-ED33-44CC-A328-F3E3E367B05A} - System32\Tasks\{FAA11315-9B99-4DA8-8FD8-AF8736A9BFBC} => E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
    Task: {C5D93A93-539C-4D4E-BA95-DEB3E62C7951} - System32\Tasks\{5358AAF0-9069-46AA-A29C-60D6F349D21F} => E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
    Task: {D62B05E6-17DF-4D67-8E37-AE9314CAF5C2} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
    Task: C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe
    Task: C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe
    AlternateDataStreams: C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    Folder: C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Hosts:
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
x58k7hrY.png.pagespeed.ic.rrdYoSlt3Q.png WinDirStat

  • Right-Click the WinDirStat icon and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts.
  • Select the drive you wish to verify (C:\) and let the programme run until it has finished enumerating all files/folders. 
  • On the left hand side, expand any folders that appear to be consuming a large amount of space. 
  • Do the same for folders within the folder(s) you have already expanded. 
  • Take a screenshot and post the image in your next reply. Instructions on how to take a screenshot can be found in this article.
  • Upload the image to Imgur.com and paste the URL in your next reply. 
     

======================================================
 
STEP 3
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you create the folder?
  • Fixlog.txt
  • WinDirStat results
  • Update on computer

  • 0

#21
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi Adam,

Yes- I created the temp file- its the only way I know to save .exe files from downloads and then copy/paste to my desktop :)

Here is the Fixlog

__

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Paul at 2014-09-09 18:59:46 Run:1
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-2984152052-1607329531-1161540839-1000\...\Run: [AvgUpdater0814tb] => C:\ProgramData\Avg_Update_0814tb\0814tb_{60393F9A-EA31-4BF1-A11A-05D2EE30410C}.exe [2782744 2014-08-30] ()
FF Plugin HKCU: @carbon.getu.com/Conduit Update;version=3 -> C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll No File
FF Plugin HKCU: @carbon.getu.com/Conduit Update;version=9 -> C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll No File
C:\Users\Paul\AppData\Local\Conduit
CHR StartupUrls: Default -> "https://www.google.c...VLMe7rQG0-oDwCw", "hxxp://www.accuradio.com/#!/feat/mostpopular/"
CHR Plugin: (AVG Internet Security) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll No File
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
C:\Program Files (x86)\Common Files\AVG Secure Search
2014-09-08 08:18 - 2014-09-08 08:18 - 00442131 _____ () C:\Users\Paul\Desktop\avgremover.log
2014-09-08 08:18 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Desktop\avg_remover_stf_x64_2014_4116.exe
2014-09-08 08:16 - 2014-09-08 08:16 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Paul\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-08-30 09:36 - 2014-09-08 08:19 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-08-30 09:36 - 2014-08-30 09:36 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv
2014-08-30 09:36 - 2014-08-30 09:36 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel
2014-08-30 09:36 - 2014-08-30 09:36 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-08-30 09:35 - 2014-08-30 09:35 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG
2014-08-28 22:05 - 2014-08-28 22:05 - 00000000 ____D () C:\Users\Paul\AppData\Local\AVG
2014-08-28 22:04 - 2014-08-28 22:05 - 00000000 ____D () C:\ProgramData\AVG
2014-09-08 08:19 - 2013-10-24 09:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-08 08:19 - 2012-06-07 07:55 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-13 21:57 - 2014-09-08 19:02 - 00000914 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job
2014-08-13 21:57 - 2014-09-08 08:19 - 00000862 _____ () C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job
2014-08-13 21:57 - 2014-08-13 21:57 - 00640744 _____ (Conduit Inc.) C:\Users\Paul\Downloads\ubrowser.exe
2014-08-13 21:57 - 2014-08-13 21:57 - 00003882 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA
2014-08-13 21:57 - 2014-08-13 21:57 - 00003486 _____ () C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core
2014-08-20 03:00 - 2012-09-03 18:22 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
C:\Program Files (x86)\AVG Security Toolbar
Task: {4F63E26C-B0C6-4847-8214-8931721F91F1} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {62C9DC59-BF3D-404D-ADCE-000CA97DE420} - System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe <==== ATTENTION
Task: {78F067B0-DF11-4227-81D8-4D347ED631DB} - System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe <==== ATTENTION
Task: {85C61C19-ED33-44CC-A328-F3E3E367B05A} - System32\Tasks\{FAA11315-9B99-4DA8-8FD8-AF8736A9BFBC} => E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
Task: {C5D93A93-539C-4D4E-BA95-DEB3E62C7951} - System32\Tasks\{5358AAF0-9069-46AA-A29C-60D6F349D21F} => E:\38046cfd64b449ac8ddb3c660c693157_Pod13_en-CA (1).exe
Task: {D62B05E6-17DF-4D67-8E37-AE9314CAF5C2} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe
Task: C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job => C:\Users\Paul\AppData\Local\Conduit\Update\ConduitUpdate.exe
AlternateDataStreams: C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Folder: C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Hosts:
EmptyTemp:
end
*****************
 
HKU\S-1-5-21-2984152052-1607329531-1161540839-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AvgUpdater0814tb => value deleted successfully.
"HKCU\Software\MozillaPlugins\@carbon.getu.com/Conduit Update;version=3" => Key deleted successfully.
C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll not found.
"HKCU\Software\MozillaPlugins\@carbon.getu.com/Conduit Update;version=9" => Key deleted successfully.
C:\Users\Paul\AppData\Local\Conduit\Update\1.3.25.23\npConduitUpdate3.dll not found.
"C:\Users\Paul\AppData\Local\Conduit" => File/Directory not found.
Chrome StartupUrls deleted successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll not found.
vToolbarUpdater18.1.9 => Service deleted successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
C:\Users\Paul\Desktop\avgremover.log => Moved successfully.
C:\Users\Paul\Desktop\avg_remover_stf_x64_2014_4116.exe => Moved successfully.
C:\Users\Paul\Downloads\avg_remover_stf_x64_2014_4116.exe => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => Moved successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => Moved successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => Moved successfully.
C:\ProgramData\Avg_Update_0814tb => Moved successfully.
C:\Users\Paul\AppData\Roaming\AVG => Moved successfully.
C:\Users\Paul\AppData\Local\AVG => Moved successfully.
C:\ProgramData\AVG => Moved successfully.
C:\ProgramData\AVG2014 => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job => Moved successfully.
C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job => Moved successfully.
C:\Users\Paul\Downloads\ubrowser.exe => Moved successfully.
C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA => Moved successfully.
C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core => Moved successfully.
C:\Windows\system32\Drivers\avgtpx64.sys => Moved successfully.
"C:\Program Files (x86)\AVG Security Toolbar" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F63E26C-B0C6-4847-8214-8931721F91F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F63E26C-B0C6-4847-8214-8931721F91F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0814tb_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62C9DC59-BF3D-404D-ADCE-000CA97DE420}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C9DC59-BF3D-404D-ADCE-000CA97DE420}" => Key deleted successfully.
C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78F067B0-DF11-4227-81D8-4D347ED631DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78F067B0-DF11-4227-81D8-4D347ED631DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85C61C19-ED33-44CC-A328-F3E3E367B05A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85C61C19-ED33-44CC-A328-F3E3E367B05A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FAA11315-9B99-4DA8-8FD8-AF8736A9BFBC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FAA11315-9B99-4DA8-8FD8-AF8736A9BFBC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5D93A93-539C-4D4E-BA95-DEB3E62C7951}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5D93A93-539C-4D4E-BA95-DEB3E62C7951}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5358AAF0-9069-46AA-A29C-60D6F349D21F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5358AAF0-9069-46AA-A29C-60D6F349D21F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D62B05E6-17DF-4D67-8E37-AE9314CAF5C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D62B05E6-17DF-4D67-8E37-AE9314CAF5C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0814tb_rel" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job not found.
C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000Core.job not found.
C:\Windows\Tasks\ConduitUpdateTaskUserS-1-5-21-2984152052-1607329531-1161540839-1000UA.job not found.
"C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Paul\Desktop\Offer to Purchase- 15 Cox Crt Guelph.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
 
========================= Folder: C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} ========================
 
 
====== End of Folder: ======
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{F7E44F10-F408-4D10-9E01-231DE170EACC} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 694.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#22
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Here is the Imgur URL:

http://imgur.com/Ccm...DPb412K,iSwWbeb

 

_____________

 

My computer seems to be running more quickly but I don't seem to have anymore diskspace... 


  • 0

#23
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hi Paul, 

 

Lets confirm there are no malware remnants, and we'll continue to troubleshoot your HDD space. 

 

STEP 1
xGfiJrQ9.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log

  • 0

#24
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

The Malwarebytes log:

_____

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 09/09/2014
Scan Time: 9:18:11 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.09.07
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308298
Time Elapsed: 4 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#25
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

HI Adam,

Here is the MyEsetScan log:

______

C:\Users\Paul\Downloads\ccsetup417pro (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Paul\Downloads\ccsetup417pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

  • 0

Advertisements


#26
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hi Paul, 
 
We're going to use a different tool to troubleshoot your HDD space. This process may be somewhat cumbersome, so patience will be required.
 

  • Please download and install Folder Size
  • Open the programme. If you receive an error, right-click Folder Size.exe and select Run as administrator
  • Click the drive letter that corresponds to the HDD you wish to scan (C:\).

    ypfo0Vl.png
     
  • Click the Scan Selected Drive button. S90jIMQ.png
  • Upon completion, a list of folders in your root directory will be enumerated. 

    gpMd7o4.png
     
  • Take a screenshot of the list, upload to Imgur.com and paste the link in your next reply. 

  • 0

#27
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi Adam,

Here is the Imgur URL

______

http://imgur.com/QRt78Dn


  • 0

#28
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts
Hi Paul,

Please repeat, but increase the width of the column, so I can see the full numbers and file paths (like the example image above).
  • 0

#29
Paul 62

Paul 62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Sorry Adam.

Is this better?

 

http://imgur.com/lA7...vPHtqjf,pgnrzBP


  • 0

#30
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,062 posts

Hi Paul, 

 

Can you tell me the value you expect your used space to be? Eg. 40GB/55GB


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP