
Spyhunter 4 removal and not allowing internet browser to load [Solved]



#1
Missemily


Hi,

This computer originally had several viruses that Malwarebytes removed. However, one of the profiles on this computer has SpyHunter 4 on it and it will not allow any browser use. Any and all help in getting this computer back up to speed would be sincerely appreciated :)

Farbar logs are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Dad (administrator) on DAD-PC (28-07-2015 22:23:36)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & Spencer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\UBIOS\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol....kusaolp00000800
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> DefaultScope {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
Toolbar: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1B827D15-FF15-44C1-A591-D3024231EAB3}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default\user.js [2014-04-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-20]

Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 GFNEXSrv; c:\UBIOS\GFNEXSrv.exe [133640 2010-04-23] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-29] (Electronic Arts)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-15] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
S3 ElgatoGC656Y; C:\Windows\System32\Drivers\ElgatoGC656.sys [94440 2014-07-07] (UB658)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-15] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 22:11 - 2015-07-28 22:11 - 00347816 _____ (Microsoft Corporation) C:\Users\Dad\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1361570257214392.1.1.Run.exe
2015-07-28 20:40 - 2015-07-28 21:33 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 20:40 - 2015-07-28 20:40 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 20:40 - 2015-07-28 20:40 - 00001073 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 20:40 - 2015-07-28 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 20:40 - 2015-07-28 20:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 20:40 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-28 20:40 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-28 20:40 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-28 20:36 - 2015-07-28 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Dad\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-28 19:51 - 2015-07-28 19:52 - 00038517 _____ C:\Users\Dad\Desktop\Addition.txt
2015-07-28 19:50 - 2015-07-28 22:23 - 00016784 _____ C:\Users\Dad\Desktop\FRST.txt
2015-07-28 19:50 - 2015-07-28 22:23 - 00000000 ____D C:\FRST
2015-07-28 19:49 - 2015-07-28 19:49 - 02146816 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-07-28 19:48 - 2015-07-28 19:48 - 02146816 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-07-21 06:33 - 2015-07-21 06:33 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 06:33 - 2015-07-21 06:33 - 00002226 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-07-21 06:33 - 2015-07-21 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-21 06:32 - 2015-07-28 22:06 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 06:32 - 2015-07-28 20:37 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 06:32 - 2015-07-21 06:32 - 00003896 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-21 06:32 - 2015-07-21 06:32 - 00003644 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-20 23:51 - 2015-07-20 23:51 - 00000000 ____D C:\Users\Dad\AppData\Roaming\AVAST Software
2015-07-20 20:03 - 2015-07-28 19:46 - 00000000 ___SD C:\windows\system32\GWX
2015-07-20 20:03 - 2015-07-20 20:03 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-20 20:03 - 2015-07-20 20:03 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-20 20:03 - 2015-07-20 20:03 - 00000000 ____D C:\windows\system32\appraiser
2015-07-20 19:55 - 2015-01-08 18:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls
2015-07-20 19:55 - 2015-01-08 18:43 - 00419936 _____ C:\windows\system32\locale.nls
2015-07-20 19:48 - 2015-07-09 12:59 - 00017856 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-20 19:48 - 2015-07-09 12:58 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 02603008 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 01085440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00765440 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00433664 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-20 19:48 - 2015-07-09 12:58 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-20 19:48 - 2015-07-09 12:58 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-07-20 19:48 - 2015-07-09 12:50 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-20 19:48 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-20 19:48 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-07-20 19:48 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-07-20 19:48 - 2015-05-25 13:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-07-20 19:48 - 2015-05-25 13:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-07-20 19:48 - 2015-05-25 13:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-07-20 19:48 - 2015-05-25 13:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-07-20 19:48 - 2015-05-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-07-20 19:48 - 2015-05-25 13:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-07-20 19:48 - 2015-05-25 13:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-07-20 19:48 - 2015-05-25 13:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-07-20 19:48 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-07-20 19:48 - 2015-05-25 12:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-07-20 19:48 - 2015-05-25 12:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-07-20 19:48 - 2015-05-25 12:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-07-20 19:48 - 2015-05-25 11:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-07-20 19:48 - 2015-05-25 11:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-07-20 19:48 - 2015-05-25 11:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 11:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-20 19:48 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-07-20 19:48 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-07-20 19:47 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-07-20 19:47 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-07-20 19:47 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-07-20 19:47 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-07-20 19:47 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-07-20 19:47 - 2015-03-13 22:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-07-20 19:47 - 2015-03-13 22:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-07-20 19:47 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-07-20 19:47 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-07-20 19:47 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-07-20 19:47 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-07-20 19:47 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-07-20 19:47 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-07-20 19:47 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-07-20 19:47 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-07-20 19:47 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-07-20 19:45 - 2015-07-20 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\AVAST Software
2015-07-20 19:44 - 2015-07-20 19:44 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-20 19:44 - 2015-07-20 19:44 - 00001933 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2015-07-20 19:44 - 2015-07-20 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-20 19:42 - 2015-07-20 23:51 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-20 19:42 - 2015-07-20 19:41 - 01048856 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00447944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00150160 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-07-20 19:41 - 2015-07-20 19:41 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-07-20 19:41 - 2015-07-20 19:41 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-07-20 19:37 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-07-20 19:29 - 2015-07-20 19:29 - 00001436 _____ C:\Users\Spencer\Desktop\Internet Explorer.lnk
2015-07-20 19:20 - 2012-07-18 11:26 - 02097152 ___RH C:\TKBSR.BIN
2015-07-20 19:19 - 2015-07-20 19:19 - 00000000 ____D C:\UBIOS
2015-07-20 18:18 - 2015-07-14 22:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-20 18:18 - 2015-07-14 22:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-20 18:18 - 2015-07-14 22:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-20 18:18 - 2015-07-14 22:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-20 18:18 - 2015-07-14 21:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-20 18:18 - 2015-07-14 21:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-20 18:18 - 2015-07-14 21:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-20 18:18 - 2015-07-14 21:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-20 18:18 - 2015-07-14 20:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-20 18:18 - 2015-07-14 20:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-20 17:56 - 2015-07-20 17:56 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-07-20 17:56 - 2015-07-20 17:56 - 05481336 _____ (Avast Software s.r.o.) C:\ProgramData\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-16 16:51 - 2015-07-16 16:51 - 00000000 ____D C:\ProgramData\.mono
2015-07-16 16:07 - 2015-07-16 16:07 - 03077905 _____ C:\Users\Spencer\Downloads\forge-1.7.10-10.13.2.1230-installer.jar
2015-07-16 16:02 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-16 16:02 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-16 15:46 - 2015-07-16 15:46 - 00000000 ____D C:\Users\Spencer\AppData\Local\IsolatedStorage
2015-07-16 15:45 - 2015-07-20 20:14 - 00000000 ____D C:\Program Files (x86)\TampaEdit
2015-07-16 12:15 - 2015-07-16 12:21 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\.minecraft
2015-07-15 20:29 - 2015-07-15 20:29 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\java
2015-07-15 20:23 - 2015-06-25 13:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-15 20:23 - 2015-06-25 12:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-15 20:23 - 2015-06-20 15:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-15 20:23 - 2015-06-20 14:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-15 20:23 - 2015-06-20 14:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-15 20:23 - 2015-06-20 14:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-15 20:23 - 2015-06-20 14:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-15 20:23 - 2015-06-20 14:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-15 20:23 - 2015-06-20 14:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-15 20:23 - 2015-06-20 14:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-15 20:23 - 2015-06-20 14:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-15 20:23 - 2015-06-20 14:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-15 20:23 - 2015-06-20 14:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-15 20:23 - 2015-06-20 14:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-15 20:23 - 2015-06-20 14:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-15 20:23 - 2015-06-20 14:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 20:23 - 2015-06-20 14:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-15 20:23 - 2015-06-20 14:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-15 20:23 - 2015-06-20 14:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-15 20:23 - 2015-06-20 13:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-15 20:23 - 2015-06-20 13:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-15 20:23 - 2015-06-20 13:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-15 20:23 - 2015-06-20 13:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-15 20:23 - 2015-06-20 13:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-15 20:23 - 2015-06-20 13:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-15 20:23 - 2015-06-19 13:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-15 20:23 - 2015-06-19 13:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-15 20:23 - 2015-06-19 13:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-15 20:23 - 2015-06-19 13:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-15 20:23 - 2015-06-19 13:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:23 - 2015-06-19 13:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-15 20:23 - 2015-06-19 13:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-15 20:23 - 2015-06-19 13:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-15 20:23 - 2015-06-19 13:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-15 20:23 - 2015-06-19 13:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-15 20:23 - 2015-06-19 12:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 20:23 - 2015-06-19 12:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-15 20:23 - 2015-06-19 12:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-15 20:23 - 2015-06-19 12:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-15 20:23 - 2015-06-19 12:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-15 20:23 - 2015-06-19 12:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-15 20:23 - 2015-06-19 12:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-15 20:23 - 2015-06-19 12:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-15 20:23 - 2015-06-19 12:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-15 20:22 - 2015-07-01 15:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-15 20:22 - 2015-07-01 15:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-15 20:22 - 2015-07-01 15:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-15 20:22 - 2015-07-01 15:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-15 20:22 - 2015-07-01 15:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-15 20:22 - 2015-07-01 15:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-15 20:22 - 2015-07-01 15:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-15 20:22 - 2015-07-01 15:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-15 20:22 - 2015-07-01 15:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-15 20:22 - 2015-07-01 15:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-15 20:22 - 2015-07-01 15:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-15 20:22 - 2015-07-01 15:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-15 20:22 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-15 20:22 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-15 20:22 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-15 20:22 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-15 20:22 - 2015-07-01 14:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-15 20:22 - 2015-07-01 14:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-15 20:22 - 2015-07-01 14:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-15 20:20 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-15 20:20 - 2015-06-26 21:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-15 20:20 - 2015-06-26 21:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-15 20:20 - 2015-06-26 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-15 20:20 - 2015-06-26 20:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-15 20:20 - 2015-06-25 03:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-15 20:20 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-15 20:20 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-15 20:20 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-15 20:20 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 20:20 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-15 20:20 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-15 20:19 - 2015-07-02 16:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-15 20:19 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-15 20:19 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-15 20:19 - 2015-07-02 15:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-15 20:19 - 2015-07-02 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-15 20:19 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-15 20:19 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-15 20:19 - 2015-07-02 15:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-15 20:19 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-15 20:19 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-15 20:19 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-15 20:19 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-15 20:19 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-15 20:19 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-15 20:19 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-15 20:19 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-15 20:19 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-15 20:19 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-15 20:19 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-15 20:19 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-15 20:19 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-15 20:19 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-15 20:19 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-15 20:19 - 2015-06-11 12:57 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-07-15 20:19 - 2015-06-11 12:57 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-07-15 20:19 - 2015-06-11 12:57 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-07-15 20:19 - 2015-06-11 12:56 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-07-15 20:19 - 2015-06-11 12:56 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-07-15 20:19 - 2015-06-11 12:56 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-07-15 20:19 - 2015-06-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-07-15 19:45 - 2015-07-15 19:45 - 00003330 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2015-07-15 19:45 - 2015-07-15 19:45 - 00001098 _____ C:\Users\Spencer\Desktop\SpyHunter.lnk
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Enigma Software Group
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\sh4ldr
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 _____ C:\autoexec.bat
2015-07-15 19:44 - 2015-07-15 19:44 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2015-07-15 19:44 - 2015-07-15 19:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-15 19:39 - 2015-07-15 19:41 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Spencer\Desktop\SpyHunter-Installer.exe
2015-07-15 19:04 - 2015-07-16 15:45 - 00000000 ____D C:\Program Files (x86)\LiveReader
2015-07-15 19:01 - 2015-07-20 17:57 - 00000024 _____ C:\Users\Spencer\AppData\Roaming\appdataFr25.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 22:16 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 22:16 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 22:14 - 2015-02-16 15:50 - 02051186 _____ C:\windows\WindowsUpdate.log
2015-07-28 22:06 - 2015-02-17 11:59 - 00006686 _____ C:\windows\setupact.log
2015-07-28 22:06 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-28 21:32 - 2015-02-17 09:53 - 00765464 _____ C:\windows\PFRO.log
2015-07-28 21:19 - 2015-04-16 21:14 - 00000000 ____D C:\ProgramData\coupcoup
2015-07-28 21:19 - 2015-04-01 21:24 - 00000000 ____D C:\ProgramData\BlockIt Ad remover
2015-07-28 21:19 - 2013-02-25 17:37 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Funmoods
2015-07-28 19:55 - 2013-03-22 19:52 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Skype
2015-07-28 19:46 - 2014-12-13 15:26 - 00000000 __SHD C:\Users\Dad\AppData\Local\EmieBrowserModeList
2015-07-28 19:46 - 2014-05-03 14:41 - 00000000 __SHD C:\Users\Dad\AppData\Local\EmieUserList
2015-07-28 19:46 - 2014-05-03 14:41 - 00000000 __SHD C:\Users\Dad\AppData\Local\EmieSiteList
2015-07-28 19:46 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-21 06:33 - 2015-02-18 13:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-21 06:29 - 2009-07-13 22:20 - 00000000 ____D C:\windows\AppCompat
2015-07-21 02:27 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-07-20 23:53 - 2009-07-14 00:13 - 00800820 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-20 23:50 - 2015-02-18 13:01 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Apple Computer
2015-07-20 23:32 - 2015-02-18 13:48 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Apple Computer
2015-07-20 20:46 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-20 20:44 - 2015-03-27 16:56 - 00000000 ____D C:\ProgramData\{3d0b09bd-2b90-6605-3d0b-b09bd2b926f4}
2015-07-20 20:20 - 2015-06-08 13:45 - 00000000 ____D C:\Program Files (x86)\VK Switcher
2015-07-20 20:05 - 2015-02-17 09:53 - 00306640 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-20 20:03 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-07-20 20:03 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-20 20:02 - 2012-10-05 12:02 - 00002086 _____ C:\windows\epplauncher.mif
2015-07-20 19:18 - 2015-02-18 12:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-20 18:21 - 2012-10-05 15:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-20 18:05 - 2013-08-11 10:17 - 00000000 ____D C:\windows\system32\MRT
2015-07-20 17:55 - 2015-02-17 14:56 - 00000000 __SHD C:\Users\Spencer\AppData\Local\EmieBrowserModeList
2015-07-20 17:55 - 2014-09-04 21:58 - 00000000 __SHD C:\Users\Spencer\AppData\Local\EmieUserList
2015-07-20 17:55 - 2014-09-04 21:58 - 00000000 __SHD C:\Users\Spencer\AppData\Local\EmieSiteList
2015-07-16 16:22 - 2012-11-27 18:15 - 00000000 ____D C:\Users\Spencer\Desktop\.minecraft
2015-07-16 15:35 - 2013-08-14 10:33 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2015-07-15 20:27 - 2015-01-14 13:02 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-07-15 19:07 - 2014-04-01 16:31 - 00016722 _____ C:\windows\wininit.ini
2015-07-15 19:04 - 2015-03-27 16:59 - 00000000 ____D C:\Program Files (x86)\IndepthFunc
2015-07-05 05:08 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2012-10-05 13:08 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-06-08 13:45 - 2015-06-21 15:54 - 0000024 _____ () C:\Users\Dad\AppData\Roaming\appdataFr25.bin
2015-04-23 19:00 - 2015-05-12 19:23 - 0000020 _____ () C:\Users\Dad\AppData\Roaming\appdataFr3.bin
2014-03-31 07:08 - 2014-03-31 07:08 - 0000035 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\temp\setacl.exe
C:\Users\Spencer\AppData\Local\temp\dllnt_dump.dll
C:\Users\Spencer\AppData\Local\temp\jre-8u45-windows-au.exe
C:\Users\Spencer\AppData\Local\temp\jre-8u51-windows-au.exe
C:\Users\Spencer\AppData\Local\temp\setacl.exe
C:\Users\Spencer\AppData\Local\temp\xm8asgh3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-21 02:19

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Dad at 2015-07-28 19:51:33
Running from C:\Users\Dad\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2532736474-479128405-2498110611-500 - Administrator - Disabled)
Dad (S-1-5-21-2532736474-479128405-2498110611-1000 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-2532736474-479128405-2498110611-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2532736474-479128405-2498110611-1003 - Limited - Enabled)
Spencer (S-1-5-21-2532736474-479128405-2498110611-1001 - Administrator - Enabled) => C:\Users\Spencer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online Live (HKU\S-1-5-21-2532736474-479128405-2498110611-1000\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Iminent (x32 Version: 5.50.21.0 - Iminent) Hidden <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KingfisherStriper (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f988423}) (Version:  - KingfisherStriper) <==== ATTENTION
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6410 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.50.1 - Client Connect LTD) <==== ATTENTION
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TaKeTheCoupon (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version:  - "") <==== ATTENTION
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0014 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0006 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2532736474-479128405-2498110611-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> "C:\Users\Dad\AppData\Local\Conduit\ValueApps\IE\64\ValueApps.exe" No File

==================== Restore Points =========================

20-07-2015 19:37:58 avast! antivirus system restore point
20-07-2015 19:39:08 Removed Google Chrome
20-07-2015 19:48:49 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-18 09:59 - 00000000 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {189240AE-E38D-41BE-B6F8-B3429C122F3E} - \iWebar-chromeinstaller No Task File <==== ATTENTION
Task: {1A7919E5-15D2-463D-9A7A-B2F3D604DBAE} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3050439D-087A-4D89-B172-A074AD3C6583} - \iWebar-firefoxinstaller No Task File <==== ATTENTION
Task: {3C1A4D24-E190-4777-942E-0C728EAEDE97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {5763F4F5-57C1-41CB-BB35-74D776753975} - \RegClean Pro No Task File <==== ATTENTION
Task: {69A0F68A-EAE2-43AE-8812-7E4FD6F40404} - \Funmoods No Task File <==== ATTENTION
Task: {7D957EA3-C287-4F7C-BDC0-D15C11C46DE7} - \iWebar-codedownloader No Task File <==== ATTENTION
Task: {977CE999-149C-4B05-804D-E8BFD5DF28B9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {9D24A265-E37F-4EE3-817F-E9260F4C30BF} - \iWebar-updater No Task File <==== ATTENTION
Task: {B0F49BFF-E753-41D6-82D7-C3FF10088E1B} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {BE657BB7-1A28-4212-9083-C5B3D8CEB3C3} - System32\Tasks\{934354F8-379E-4195-83E6-B24284286D69} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {C1F94B9D-35FD-44A3-BD3C-350C95895A6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA7EF5D6-16C7-4078-B35E-5794C26F73A1} - System32\Tasks\{D2057F98-863E-40F4-AD44-CA19CAA3F940} => Chrome.exe http://ui.skype.com/...all?page=tsMain
Task: {CEA497F7-8077-4CA4-A9D4-4584496F5F5C} - \AmiUpdXp No Task File <==== ATTENTION
Task: {DE98CE31-8674-4042-9C46-8814797156F8} - \Updater26278.exe No Task File <==== ATTENTION
Task: {E46123AB-0235-4EB8-B63D-1C8D5A2E7B5E} - \Dealply No Task File <==== ATTENTION
Task: {E50EB9F3-6C98-4FAE-B087-509407C29A10} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {EB6629B8-8347-4A72-B06E-1C76E79BF732} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {EC6E9A8A-AD51-48ED-ABAF-00C512A00579} - \EPUpdater No Task File <==== ATTENTION
Task: {EE8C4C16-54CC-4F62-B308-E912116F2838} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-15] (Enigma Software Group USA, LLC.)
Task: {F159397C-A597-499A-95B9-03D9FA806E8F} - \iWebar-enabler No Task File <==== ATTENTION
Task: {F2144DF2-940E-441E-A6A2-B67F8B8A100F} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-20 19:19 - 2010-04-23 17:12 - 00133640 _____ () c:\UBIOS\GFNEXSrv.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 14:13 - 2011-08-31 14:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-07-20 19:41 - 2015-07-20 19:41 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 19:41 - 2015-07-20 19:41 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-21 06:30 - 2015-07-21 06:30 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072100\algo.dll
2015-07-28 19:47 - 2015-07-28 19:47 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072801\algo.dll
2015-07-20 19:41 - 2015-07-20 19:41 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6B553563-722B-4256-B73A-D18A7918F05E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9AF3FA1A-3DBE-418E-8A3D-A252C2A04352}] => (Allow) LPort=2869
FirewallRules: [{0911B259-2525-4AAD-A602-A58B46DE753A}] => (Allow) LPort=1900
FirewallRules: [{090F5516-4CD6-4B9D-850E-A0F06589FA86}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{95D88D01-7A41-4F38-B5DB-6153D9968707}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E8BC2658-83A8-438F-964E-DC57296589AB}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.exe
FirewallRules: [{5F00D13C-3DD3-46E5-AD94-49EC3E3FC6C0}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
FirewallRules: [{9963149E-FB0B-4CD3-B341-B1A328B502A5}] => (Allow) C:\Program Files (x86)\Shop to Win 27\TroubleShooter.exe
FirewallRules: [{DB711C3F-B931-40CA-93C4-7759F80A118D}] => (Allow) C:\Program Files (x86)\Shop to Win 27\TroubleShooter.exe
FirewallRules: [{4E28972E-DFC2-41A1-AF08-3873D3F9EF9F}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{2295786D-8BF6-4EE1-B259-6B7421DA1662}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{5FB3F097-B203-4209-8147-CA8950F816FA}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{D68E70FB-9828-4F53-B7FB-912B7B953795}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{B1DAB269-24F8-4071-A2FA-678C09504EC4}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{C6BCD018-B98C-4176-853E-B9ACDA60F296}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{C7C0C3AA-3DD0-4184-9610-93084BE99078}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{D92D485D-F75E-470D-9E5E-66F9F17774AE}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [TCP Query User{01AA14C6-2CFA-424E-8128-8617312A271D}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Block) C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{541BE0E2-4C57-4EDD-B305-2A7BC62638E4}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe] => (Block) C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{A878D796-D288-461A-AF03-C4CFF1486602}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{4E6EDAC0-1493-44FB-AC4E-59EC07446F47}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{1060618A-674D-498C-A93E-5E0590A10AD0}C:\users\spencer\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Allow) C:\users\spencer\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{6F25701F-B3DD-4660-A71B-62A0FCBEE6C2}C:\users\spencer\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Allow) C:\users\spencer\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{AC8051E4-9D86-4D4D-A328-F8AB756CBA90}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0581A6A1-88AA-4BB2-8A85-C8639515DDA9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{180E7976-52FC-4391-859B-EEA49FA7B010}] => (Allow) C:\Users\Dad\AppData\Local\GCC\Controller.exe
FirewallRules: [TCP Query User{08931254-9EC3-4892-AE33-CFA049DAB9D4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A426D884-22C8-4AE0-AC53-6216CCE74CD1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{CAFB1CCD-12ED-4A6B-B135-228B93988335}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C1CF6A70-8A24-4DDB-8150-CEF269DD65E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7BB39DB2-1BFA-4E59-9D73-1B05F413E5B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DCE5CCC-8FA5-4B6A-A1A1-74861C2A6629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20553520-2E22-4513-93F1-273637C5F50B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6CC8C43B-A2E2-48D2-87BB-8A6D63CA2183}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{971054D2-675E-4824-A159-B4E08605FC4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2015 07:33:08 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/28/2015 07:31:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (07/21/2015 06:18:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/21/2015 01:50:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (07/20/2015 11:50:30 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/20/2015 11:49:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (07/20/2015 11:48:07 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/20/2015 11:34:28 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (07/20/2015 11:31:56 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/20/2015 08:13:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (07/28/2015 07:41:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 115.6.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:41:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2277.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:41:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2277.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:41:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2277.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:41:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (07/28/2015 07:41:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (07/28/2015 07:34:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 115.6.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:34:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2277.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:34:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2277.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/28/2015 07:34:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.201.2277.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.8.0204.00

 Source Path: 4.8.0204.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Microsoft Office:
=========================

CodeIntegrity Error:
===================================
  Date: 2014-04-01 15:43:32.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-01 15:43:32.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-01 15:43:32.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-01 15:43:32.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-01 14:04:48.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-01 14:04:48.121
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 4007.98 MB
Available physical RAM: 1655.98 MB
Total Virtual: 8014.17 MB
Available Virtual: 5358.34 MB

==================== Drives ================================

Drive c: (TI106303W0D) (Fixed) (Total:281.52 GB) (Free:174.98 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: B1D21E96)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=281.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of log ============================



#2
Pyxis

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-15] (Enigma Software Group USA, LLC.)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-15] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-15] (
    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
    Task: {EC6E9A8A-AD51-48ED-ABAF-00C512A00579} - \EPUpdater No Task File <==== ATTENTION
    Task: {EE8C4C16-54CC-4F62-B308-E912116F2838} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-15] (Enigma Software Group USA, LLC.)
    Task: {F159397C-A597-499A-95B9-03D9FA806E8F} - \iWebar-enabler No Task File <==== ATTENTION
    Task: {F2144DF2-940E-441E-A6A2-B67F8B8A100F} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
    Task: {CEA497F7-8077-4CA4-A9D4-4584496F5F5C} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {DE98CE31-8674-4042-9C46-8814797156F8} - \Updater26278.exe No Task File <==== ATTENTION
    Task: {E46123AB-0235-4EB8-B63D-1C8D5A2E7B5E} - \Dealply No Task File <==== ATTENTION
    Task: {5763F4F5-57C1-41CB-BB35-74D776753975} - \RegClean Pro No Task File <==== ATTENTION
    Task: {69A0F68A-EAE2-43AE-8812-7E4FD6F40404} - \Funmoods No Task File <==== ATTENTION
    Task: {7D957EA3-C287-4F7C-BDC0-D15C11C46DE7} - \iWebar-codedownloader No Task File <==== ATTENTION
    Task: {977CE999-149C-4B05-804D-E8BFD5DF28B9} - \Advanced System Protector_startup No Task File <==== ATTENTION
    Task: {9D24A265-E37F-4EE3-817F-E9260F4C30BF} - \iWebar-updater No Task File <==== ATTENTION
    Task: {B0F49BFF-E753-41D6-82D7-C3FF10088E1B} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {BE657BB7-1A28-4212-9083-C5B3D8CEB3C3} - System32\Tasks\{934354F8-379E-4195-83E6-B24284286D69} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
    Task: {189240AE-E38D-41BE-B6F8-B3429C122F3E} - \iWebar-chromeinstaller No Task File <==== ATTENTION
    Task: {1A7919E5-15D2-463D-9A7A-B2F3D604DBAE} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {3050439D-087A-4D89-B172-A074AD3C6583} - \iWebar-firefoxinstaller No Task File <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-2532736474-479128405-2498110611-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> "C:\Users\Dad\AppData\Local\Conduit\ValueApps\IE\64\ValueApps.exe" No File
    C:\Users\Dad\AppData\Local\Conduit
    2015-06-08 13:45 - 2015-06-21 15:54 - 0000024 _____ () C:\Users\Dad\AppData\Roaming\appdataFr25.bin
    2015-04-23 19:00 - 2015-05-12 19:23 - 0000020 _____ () C:\Users\Dad\AppData\Roaming\appdataFr3.bin
    2015-07-15 19:04 - 2015-03-27 16:59 - 00000000 ____D C:\Program Files (x86)\IndepthFunc
    2015-07-20 20:44 - 2015-03-27 16:56 - 00000000 ____D C:\ProgramData\{3d0b09bd-2b90-6605-3d0b-b09bd2b926f4}
    2015-07-28 21:19 - 2015-04-16 21:14 - 00000000 ____D C:\ProgramData\coupcoup
    2015-07-28 21:19 - 2015-04-01 21:24 - 00000000 ____D C:\ProgramData\BlockIt Ad remover
    2015-07-28 21:19 - 2013-02-25 17:37 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Funmoods
    2015-07-15 19:01 - 2015-07-20 17:57 - 00000024 _____ C:\Users\Spencer\AppData\Roaming\appdataFr25.bin
    2015-07-15 19:44 - 2015-07-15 19:44 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
    2015-07-15 19:44 - 2015-07-15 19:44 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-07-15 19:39 - 2015-07-15 19:41 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Spencer\Desktop\SpyHunter-Installer.exe
    2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\sh4ldr
    2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 _____ C:\autoexec.bat
    2015-07-15 19:45 - 2015-07-15 19:45 - 00003330 _____ C:\windows\System32\Tasks\SpyHunter4Startup
    2015-07-15 19:45 - 2015-07-15 19:45 - 00001098 _____ C:\Users\Spencer\Desktop\SpyHunter.lnk
    2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Enigma Software Group
    2015-07-15 20:29 - 2015-07-15 20:29 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\java
    2015-07-16 15:45 - 2015-07-20 20:14 - 00000000 ____D C:\Program Files (x86)\TampaEdit
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    C:\Program Files\Enigma Software Group
    FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default\user.js [2014-04-01]
    Toolbar: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol....kusaolp00000800
    HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
    SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> DefaultScope {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Run your copy of FRST by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)
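
An added example, not part of Pyxis's post and not FRST's own code: a small Python audit that sorts the lines of a fixlist into categories so the person running the fix can see what it will touch, and flags lines that arrived truncated, such as the EsgScanner entry above. The category names and regular expressions are assumptions made for illustration, not FRST's parsing rules; the sample lines are copied from the fixlist in this post.

```python
import re
from collections import Counter

# Excerpt of the fixlist posted above (lines copied verbatim, including the
# EsgScanner line that ends in an unclosed parenthesis).
SAMPLE_FIXLIST = r"""CloseProcesses:
EmptyTemp:
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-15] (
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
Task: {EC6E9A8A-AD51-48ED-ABAF-00C512A00579} - \EPUpdater No Task File <==== ATTENTION
C:\Users\Dad\AppData\Local\Conduit
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\sh4ldr
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
RemoveProxy:
CMD: netsh advfirewall reset
"""

# Illustrative categories (assumed names). Order matters: first match wins.
RULES = [
    # External command handed to the Windows command interpreter.
    ("command", re.compile(r"^CMD:\s*(?P<detail>.+)$")),
    # Bare keyword followed by a colon, e.g. "EmptyTemp:".
    ("directive", re.compile(r"^(?P<detail>[A-Za-z]+):$")),
    # Service/driver line: state letter + start type, name, semicolon, image path.
    ("service", re.compile(r"^[RSU]\d\s+(?P<detail>[^;]+);\s")),
    # Scheduled task line keyed by a GUID.
    ("task", re.compile(r"^Task:\s*\{[0-9A-Fa-f-]{36}\}\s*-\s*(?P<detail>.+)$")),
    # Dated file/folder listing line ending in an absolute path.
    ("file", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*?(?P<detail>[A-Za-z]:\\.+)$")),
    # Bare absolute path.
    ("path", re.compile(r"^(?P<detail>[A-Za-z]:\\.+)$")),
    # Anything that names a registry hive, with or without a leading label.
    ("registry", re.compile(
        r"^(?:[A-Za-z ]+:\s*)?(?:CHR\s+)?(?P<detail>(?:HKLM|HKU|HKCU)\b.*)$")),
]


def classify(line):
    """Return (category, detail) for one non-empty fixlist line."""
    for kind, rx in RULES:
        m = rx.match(line)
        if m:
            return kind, m.group("detail").strip()
    return "other", line


def is_truncated(line):
    """Heuristic: unbalanced (), [] or {} suggests the line was cut off in transit."""
    return any(line.count(o) != line.count(c) for o, c in ("()", "[]", "{}"))


def audit(text):
    """Classify every non-blank line; line numbers are 1-based within the text."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        kind, detail = classify(line)
        entries.append({"line": n, "kind": kind, "detail": detail,
                        "truncated": is_truncated(line)})
    return entries


def summarize(entries):
    """Count entries per category."""
    return Counter(e["kind"] for e in entries)


if __name__ == "__main__":
    results = audit(SAMPLE_FIXLIST)
    for kind, count in sorted(summarize(results).items()):
        print(f"{kind:10} {count}")
    for e in results:
        if e["kind"] == "command":
            print(f"line {e['line']}: runs external command: {e['detail']}")
        if e["truncated"]:
            print(f"line {e['line']}: looks truncated, compare with the original post")
```
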

#3
Missemily


Okay, they may not be in order - I do apologize for that.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Spencer on Wed 07/29/2015 at 20:12:31.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}

 

~~~ Files

Successfully deleted: [File] C:\Users\Spencer\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\Spencer\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\Spencer\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
Successfully deleted: [File] C:\Users\Spencer\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Spencer\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal

 

~~~ Folders

Successfully deleted: [Folder] C:\Users\Spencer\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Spencer\Appdata\Local\freefileviewer
Successfully deleted: [Folder] C:\Users\Spencer\Appdata\Local\stronghold_llc
Successfully deleted: [Folder] C:\Users\Spencer\AppData\Roaming\freefileviewer
Successfully deleted: [Folder] C:\windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Spencer\Appdata\LocalLow\FCTB000100565

 

~~~ Chrome

[C:\Users\Spencer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Spencer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Spencer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Spencer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ogminpmldncgcmokldnmmapddoccmhfl
]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/29/2015 at 20:20:12.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4
Missemily


# AdwCleaner v4.208 - Logfile created 29/07/2015 at 19:52:16
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{62dfa8a2-7092-77a5-62df-fa8a2709a289}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\24x7 help
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Dad\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Dad\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Dad\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\Dad\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Dad\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Spencer\VideoConverter
Folder Deleted : C:\Users\Spencer\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Spencer\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Spencer\AppData\Roaming\DSite
Folder Deleted : C:\Users\Spencer\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Spencer\AppData\Roaming\Systweak
File Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lonndllmbldmmoefheenkmgkencnkdkh_0
File Deleted : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Users\Dad\daemonprocess.txt
File Deleted : C:\Users\Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
File Deleted : C:\Users\Spencer\AppData\Roaming\WBPU-TTL.DAT
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_slender.en.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_slender.en.softonic.com_0.localstorage
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.claro-search.com_0.localstorage
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.claro-search.com_0.localstorage-journal
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_zdaemon.en.softonic.com_0.localstorage
File Deleted : C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_zdaemon.en.softonic.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : Installer_shopperpro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
Key Deleted : HKCU\Software\5a4d88de139eb41
Key Deleted : HKLM\SOFTWARE\5a4d88de139eb41
Key Deleted : HKLM\SOFTWARE\daac8ebf-cfa5-22b1-7dc0-877266e1de38
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f988423}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0207057-3461-4F7F-B689-D016B7A03964}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A75ACCCD-3CC9-4865-8BE3-F523FDA2164F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255495502}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355555510}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266496602}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Umbrella
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Video Converter
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Mozilla Firefox v

[tx3p8x6d.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[tx3p8x6d.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[tx3p8x6d.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[tx3p8x6d.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[tx3p8x6d.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[tx3p8x6d.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v43.0.2357.134

[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : blaofbhgbmeikidhlkmjhbkbfohpgekf
[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
[C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-search.net/search.aspx?s=DCJzadk1,4269f242-446c-4b04-92c6-f04065a8c1b5,&q={searchTerms}
[C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.iminent.com/?appId=D463BFD6-FF14-4F98-AF2B-64169DD54F5D&ref=toolbox&q={searchTerms}
[C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=IFCAB4B2F-59F9-46FF-B859-E136A834129B&SearchSource=58&CUI=&UM=8&UP=SP8E76C6C3-5A04-4BFB-8155-0378FFB992DF&q={searchTerms}&D=042515&SSPV=
[C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=2440&r=2015/07/16&hid=6283853610733993301&lg=EN&cc=US&unqvl=90

*************************

AdwCleaner[R0].txt - [43420 bytes] - [29/07/2015 19:50:43]
AdwCleaner[S0].txt - [42956 bytes] - [29/07/2015 19:52:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [43016  bytes] ##########



#5
Missemily

    Member

  • Topic Starter
  • Member
  • 45 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Dad (administrator) on DAD-PC (28-07-2015 22:23:36)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & Spencer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\UBIOS\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol....kusaolp00000800
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> DefaultScope {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
Toolbar: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1B827D15-FF15-44C1-A591-D3024231EAB3}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default\user.js [2014-04-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-20]

Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 GFNEXSrv; c:\UBIOS\GFNEXSrv.exe [133640 2010-04-23] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-29] (Electronic Arts)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-15] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
S3 ElgatoGC656Y; C:\Windows\System32\Drivers\ElgatoGC656.sys [94440 2014-07-07] (UB658)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-15] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 22:11 - 2015-07-28 22:11 - 00347816 _____ (Microsoft Corporation) C:\Users\Dad\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1361570257214392.1.1.Run.exe
2015-07-28 20:40 - 2015-07-28 21:33 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 20:40 - 2015-07-28 20:40 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 20:40 - 2015-07-28 20:40 - 00001073 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 20:40 - 2015-07-28 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 20:40 - 2015-07-28 20:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 20:40 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-28 20:40 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-28 20:40 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-28 20:36 - 2015-07-28 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Dad\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-28 19:51 - 2015-07-28 19:52 - 00038517 _____ C:\Users\Dad\Desktop\Addition.txt
2015-07-28 19:50 - 2015-07-28 22:23 - 00016784 _____ C:\Users\Dad\Desktop\FRST.txt
2015-07-28 19:50 - 2015-07-28 22:23 - 00000000 ____D C:\FRST
2015-07-28 19:49 - 2015-07-28 19:49 - 02146816 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-07-28 19:48 - 2015-07-28 19:48 - 02146816 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-07-21 06:33 - 2015-07-21 06:33 - 00002226 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 06:33 - 2015-07-21 06:33 - 00002226 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-07-21 06:33 - 2015-07-21 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-21 06:32 - 2015-07-28 22:06 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 06:32 - 2015-07-28 20:37 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 06:32 - 2015-07-21 06:32 - 00003896 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-21 06:32 - 2015-07-21 06:32 - 00003644 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-20 23:51 - 2015-07-20 23:51 - 00000000 ____D C:\Users\Dad\AppData\Roaming\AVAST Software
2015-07-20 20:03 - 2015-07-28 19:46 - 00000000 ___SD C:\windows\system32\GWX
2015-07-20 20:03 - 2015-07-20 20:03 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-20 20:03 - 2015-07-20 20:03 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-20 20:03 - 2015-07-20 20:03 - 00000000 ____D C:\windows\system32\appraiser
2015-07-20 19:55 - 2015-01-08 18:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls
2015-07-20 19:55 - 2015-01-08 18:43 - 00419936 _____ C:\windows\system32\locale.nls
2015-07-20 19:48 - 2015-07-09 12:59 - 00017856 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-20 19:48 - 2015-07-09 12:58 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 02603008 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 01085440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00765440 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00433664 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-20 19:48 - 2015-07-09 12:58 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-20 19:48 - 2015-07-09 12:58 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-20 19:48 - 2015-07-09 12:58 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-07-20 19:48 - 2015-07-09 12:50 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-20 19:48 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-20 19:48 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-20 19:48 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-07-20 19:48 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-07-20 19:48 - 2015-05-25 13:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-07-20 19:48 - 2015-05-25 13:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-07-20 19:48 - 2015-05-25 13:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-07-20 19:48 - 2015-05-25 13:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-07-20 19:48 - 2015-05-25 13:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-07-20 19:48 - 2015-05-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-07-20 19:48 - 2015-05-25 13:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-07-20 19:48 - 2015-05-25 13:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 13:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-07-20 19:48 - 2015-05-25 13:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-07-20 19:48 - 2015-05-25 13:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-07-20 19:48 - 2015-05-25 13:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-07-20 19:48 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-07-20 19:48 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-07-20 19:48 - 2015-05-25 12:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-07-20 19:48 - 2015-05-25 12:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-07-20 19:48 - 2015-05-25 12:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 12:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-07-20 19:48 - 2015-05-25 11:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-07-20 19:48 - 2015-05-25 11:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-07-20 19:48 - 2015-05-25 11:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 11:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-20 19:48 - 2015-05-25 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-20 19:48 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-07-20 19:48 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-07-20 19:47 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-07-20 19:47 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-07-20 19:47 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-07-20 19:47 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-07-20 19:47 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-07-20 19:47 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-07-20 19:47 - 2015-03-13 22:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-07-20 19:47 - 2015-03-13 22:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-07-20 19:47 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-07-20 19:47 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-07-20 19:47 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-07-20 19:47 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-07-20 19:47 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-07-20 19:47 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-07-20 19:47 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-07-20 19:47 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-07-20 19:47 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-07-20 19:45 - 2015-07-20 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\AVAST Software
2015-07-20 19:44 - 2015-07-20 19:44 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-20 19:44 - 2015-07-20 19:44 - 00001933 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2015-07-20 19:44 - 2015-07-20 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-20 19:42 - 2015-07-20 23:51 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-20 19:42 - 2015-07-20 19:41 - 01048856 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00447944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00150160 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-07-20 19:42 - 2015-07-20 19:41 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-07-20 19:41 - 2015-07-20 19:41 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-07-20 19:41 - 2015-07-20 19:41 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-07-20 19:37 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-07-20 19:29 - 2015-07-20 19:29 - 00001436 _____ C:\Users\Spencer\Desktop\Internet Explorer.lnk
2015-07-20 19:20 - 2012-07-18 11:26 - 02097152 ___RH C:\TKBSR.BIN
2015-07-20 19:19 - 2015-07-20 19:19 - 00000000 ____D C:\UBIOS
2015-07-20 18:18 - 2015-07-14 22:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-20 18:18 - 2015-07-14 22:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-20 18:18 - 2015-07-14 22:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-20 18:18 - 2015-07-14 22:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-20 18:18 - 2015-07-14 21:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-20 18:18 - 2015-07-14 21:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-20 18:18 - 2015-07-14 21:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-20 18:18 - 2015-07-14 21:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-20 18:18 - 2015-07-14 20:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-20 18:18 - 2015-07-14 20:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-20 17:58 - 2015-07-20 17:58 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-20 17:56 - 2015-07-20 17:56 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-07-20 17:56 - 2015-07-20 17:56 - 05481336 _____ (Avast Software s.r.o.) C:\ProgramData\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-07-20 17:56 - 2015-07-20 17:56 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-16 16:51 - 2015-07-16 16:51 - 00000000 ____D C:\ProgramData\.mono
2015-07-16 16:07 - 2015-07-16 16:07 - 03077905 _____ C:\Users\Spencer\Downloads\forge-1.7.10-10.13.2.1230-installer.jar
2015-07-16 16:02 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-16 16:02 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-16 15:46 - 2015-07-16 15:46 - 00000000 ____D C:\Users\Spencer\AppData\Local\IsolatedStorage
2015-07-16 15:45 - 2015-07-20 20:14 - 00000000 ____D C:\Program Files (x86)\TampaEdit
2015-07-16 12:15 - 2015-07-16 12:21 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\.minecraft
2015-07-15 20:29 - 2015-07-15 20:29 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\java
2015-07-15 20:23 - 2015-06-25 13:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-15 20:23 - 2015-06-25 12:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-15 20:23 - 2015-06-20 15:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-15 20:23 - 2015-06-20 14:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-15 20:23 - 2015-06-20 14:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-15 20:23 - 2015-06-20 14:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-15 20:23 - 2015-06-20 14:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-15 20:23 - 2015-06-20 14:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-15 20:23 - 2015-06-20 14:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-15 20:23 - 2015-06-20 14:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-15 20:23 - 2015-06-20 14:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-15 20:23 - 2015-06-20 14:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-15 20:23 - 2015-06-20 14:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-15 20:23 - 2015-06-20 14:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-15 20:23 - 2015-06-20 14:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-15 20:23 - 2015-06-20 14:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 20:23 - 2015-06-20 14:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-15 20:23 - 2015-06-20 14:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-15 20:23 - 2015-06-20 14:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-15 20:23 - 2015-06-20 13:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-15 20:23 - 2015-06-20 13:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-15 20:23 - 2015-06-20 13:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-15 20:23 - 2015-06-20 13:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-15 20:23 - 2015-06-20 13:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-15 20:23 - 2015-06-20 13:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-15 20:23 - 2015-06-19 13:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-15 20:23 - 2015-06-19 13:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-15 20:23 - 2015-06-19 13:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-15 20:23 - 2015-06-19 13:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-15 20:23 - 2015-06-19 13:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:23 - 2015-06-19 13:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-15 20:23 - 2015-06-19 13:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-15 20:23 - 2015-06-19 13:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-15 20:23 - 2015-06-19 13:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-15 20:23 - 2015-06-19 13:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-15 20:23 - 2015-06-19 12:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 20:23 - 2015-06-19 12:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-15 20:23 - 2015-06-19 12:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-15 20:23 - 2015-06-19 12:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-15 20:23 - 2015-06-19 12:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-15 20:23 - 2015-06-19 12:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-15 20:23 - 2015-06-19 12:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-15 20:23 - 2015-06-19 12:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-15 20:23 - 2015-06-19 12:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-15 20:22 - 2015-07-01 15:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-15 20:22 - 2015-07-01 15:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-15 20:22 - 2015-07-01 15:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-15 20:22 - 2015-07-01 15:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-15 20:22 - 2015-07-01 15:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-15 20:22 - 2015-07-01 15:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-15 20:22 - 2015-07-01 15:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-15 20:22 - 2015-07-01 15:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-15 20:22 - 2015-07-01 15:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-15 20:22 - 2015-07-01 15:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-15 20:22 - 2015-07-01 15:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-15 20:22 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-15 20:22 - 2015-07-01 15:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-15 20:22 - 2015-07-01 15:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-15 20:22 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-15 20:22 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-15 20:22 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-15 20:22 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-15 20:22 - 2015-07-01 14:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-15 20:22 - 2015-07-01 14:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-15 20:22 - 2015-07-01 14:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-15 20:20 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-15 20:20 - 2015-06-26 21:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-15 20:20 - 2015-06-26 21:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-15 20:20 - 2015-06-26 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-15 20:20 - 2015-06-26 20:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-15 20:20 - 2015-06-25 03:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-15 20:20 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-15 20:20 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-15 20:20 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-15 20:20 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 20:20 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-15 20:20 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-15 20:19 - 2015-07-02 16:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-15 20:19 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-15 20:19 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-15 20:19 - 2015-07-02 15:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-15 20:19 - 2015-07-02 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-15 20:19 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-15 20:19 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-15 20:19 - 2015-07-02 15:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-15 20:19 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-15 20:19 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-15 20:19 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-15 20:19 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-15 20:19 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-15 20:19 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-15 20:19 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-15 20:19 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-15 20:19 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-15 20:19 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-15 20:19 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-15 20:19 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-15 20:19 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-15 20:19 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-15 20:19 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-15 20:19 - 2015-06-11 12:57 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-07-15 20:19 - 2015-06-11 12:57 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-07-15 20:19 - 2015-06-11 12:57 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-07-15 20:19 - 2015-06-11 12:56 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-07-15 20:19 - 2015-06-11 12:56 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-07-15 20:19 - 2015-06-11 12:56 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-07-15 20:19 - 2015-06-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-07-15 19:45 - 2015-07-15 19:45 - 00003330 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2015-07-15 19:45 - 2015-07-15 19:45 - 00001098 _____ C:\Users\Spencer\Desktop\SpyHunter.lnk
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Enigma Software Group
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\sh4ldr
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 _____ C:\autoexec.bat
2015-07-15 19:44 - 2015-07-15 19:44 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2015-07-15 19:44 - 2015-07-15 19:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-15 19:39 - 2015-07-15 19:41 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Spencer\Desktop\SpyHunter-Installer.exe
2015-07-15 19:04 - 2015-07-16 15:45 - 00000000 ____D C:\Program Files (x86)\LiveReader
2015-07-15 19:01 - 2015-07-20 17:57 - 00000024 _____ C:\Users\Spencer\AppData\Roaming\appdataFr25.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 22:16 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 22:16 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 22:14 - 2015-02-16 15:50 - 02051186 _____ C:\windows\WindowsUpdate.log
2015-07-28 22:06 - 2015-02-17 11:59 - 00006686 _____ C:\windows\setupact.log
2015-07-28 22:06 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-28 21:32 - 2015-02-17 09:53 - 00765464 _____ C:\windows\PFRO.log
2015-07-28 21:19 - 2015-04-16 21:14 - 00000000 ____D C:\ProgramData\coupcoup
2015-07-28 21:19 - 2015-04-01 21:24 - 00000000 ____D C:\ProgramData\BlockIt Ad remover
2015-07-28 21:19 - 2013-02-25 17:37 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Funmoods
2015-07-28 19:55 - 2013-03-22 19:52 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Skype
2015-07-28 19:46 - 2014-12-13 15:26 - 00000000 __SHD C:\Users\Dad\AppData\Local\EmieBrowserModeList
2015-07-28 19:46 - 2014-05-03 14:41 - 00000000 __SHD C:\Users\Dad\AppData\Local\EmieUserList
2015-07-28 19:46 - 2014-05-03 14:41 - 00000000 __SHD C:\Users\Dad\AppData\Local\EmieSiteList
2015-07-28 19:46 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-21 06:33 - 2015-02-18 13:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-21 06:29 - 2009-07-13 22:20 - 00000000 ____D C:\windows\AppCompat
2015-07-21 02:27 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-07-20 23:53 - 2009-07-14 00:13 - 00800820 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-20 23:50 - 2015-02-18 13:01 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Apple Computer
2015-07-20 23:32 - 2015-02-18 13:48 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Apple Computer
2015-07-20 20:46 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-20 20:44 - 2015-03-27 16:56 - 00000000 ____D C:\ProgramData\{3d0b09bd-2b90-6605-3d0b-b09bd2b926f4}
2015-07-20 20:20 - 2015-06-08 13:45 - 00000000 ____D C:\Program Files (x86)\VK Switcher
2015-07-20 20:05 - 2015-02-17 09:53 - 00306640 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-20 20:03 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-07-20 20:03 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-20 20:02 - 2012-10-05 12:02 - 00002086 _____ C:\windows\epplauncher.mif
2015-07-20 19:18 - 2015-02-18 12:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-20 18:21 - 2012-10-05 15:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-20 18:05 - 2013-08-11 10:17 - 00000000 ____D C:\windows\system32\MRT
2015-07-20 17:55 - 2015-02-17 14:56 - 00000000 __SHD C:\Users\Spencer\AppData\Local\EmieBrowserModeList
2015-07-20 17:55 - 2014-09-04 21:58 - 00000000 __SHD C:\Users\Spencer\AppData\Local\EmieUserList
2015-07-20 17:55 - 2014-09-04 21:58 - 00000000 __SHD C:\Users\Spencer\AppData\Local\EmieSiteList
2015-07-16 16:22 - 2012-11-27 18:15 - 00000000 ____D C:\Users\Spencer\Desktop\.minecraft
2015-07-16 15:35 - 2013-08-14 10:33 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2015-07-15 20:27 - 2015-01-14 13:02 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-07-15 19:07 - 2014-04-01 16:31 - 00016722 _____ C:\windows\wininit.ini
2015-07-15 19:04 - 2015-03-27 16:59 - 00000000 ____D C:\Program Files (x86)\IndepthFunc
2015-07-05 05:08 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2012-10-05 13:08 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-06-08 13:45 - 2015-06-21 15:54 - 0000024 _____ () C:\Users\Dad\AppData\Roaming\appdataFr25.bin
2015-04-23 19:00 - 2015-05-12 19:23 - 0000020 _____ () C:\Users\Dad\AppData\Roaming\appdataFr3.bin
2014-03-31 07:08 - 2014-03-31 07:08 - 0000035 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\temp\setacl.exe
C:\Users\Spencer\AppData\Local\temp\dllnt_dump.dll
C:\Users\Spencer\AppData\Local\temp\jre-8u45-windows-au.exe
C:\Users\Spencer\AppData\Local\temp\jre-8u51-windows-au.exe
C:\Users\Spencer\AppData\Local\temp\setacl.exe
C:\Users\Spencer\AppData\Local\temp\xm8asgh3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-21 02:19

==================== End of log ============================



#6
Missemily

  • Topic Starter
  • 45 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Dad (2015-07-29 20:37:17)
Running from C:\Users\Dad\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2532736474-479128405-2498110611-500 - Administrator - Disabled)
Dad (S-1-5-21-2532736474-479128405-2498110611-1000 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-2532736474-479128405-2498110611-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2532736474-479128405-2498110611-1003 - Limited - Enabled)
Spencer (S-1-5-21-2532736474-479128405-2498110611-1001 - Administrator - Enabled) => C:\Users\Spencer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online Live (HKU\S-1-5-21-2532736474-479128405-2498110611-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Iminent (x32 Version: 5.50.21.0 - Iminent) Hidden <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6410 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0014 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0006 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-07-2015 19:39:08 Removed Google Chrome
20-07-2015 19:48:49 Windows Update
28-07-2015 20:03:37 Windows Update
29-07-2015 20:12:36 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-18 09:59 - 00000000 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C1A4D24-E190-4777-942E-0C728EAEDE97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {C1F94B9D-35FD-44A3-BD3C-350C95895A6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA7EF5D6-16C7-4078-B35E-5794C26F73A1} - System32\Tasks\{D2057F98-863E-40F4-AD44-CA19CAA3F940} => Chrome.exe http://ui.skype.com/...all?page=tsMain
Task: {E50EB9F3-6C98-4FAE-B087-509407C29A10} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {EB6629B8-8347-4A72-B06E-1C76E79BF732} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 14:13 - 2011-08-31 14:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-07-20 19:41 - 2015-07-20 19:41 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 19:41 - 2015-07-20 19:41 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-29 19:09 - 2015-07-29 19:09 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072900\algo.dll
2015-07-20 19:41 - 2015-07-20 19:41 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2532736474-479128405-2498110611-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 08:31:54 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/29/2015 08:12:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2532736474-479128405-2498110611-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {01ecadf5-4e0b-4a1e-93bb-1baf551075ff}

Error: (07/29/2015 07:56:56 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (07/29/2015 07:56:56 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (07/29/2015 07:55:38 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/29/2015 07:54:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (07/29/2015 07:41:09 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/29/2015 07:39:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (07/29/2015 07:09:55 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (07/29/2015 07:08:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.


System errors:
=============
Error: (07/29/2015 08:13:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/29/2015 08:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/29/2015 08:13:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Power Saver service terminated unexpectedly. It has done this 1 time(s).

Error: (07/29/2015 08:13:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2014-04-01 15:43:32.849
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-01 15:43:32.786
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-01 15:43:32.724
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-01 15:43:32.662
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-01 14:04:48.183
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-01 14:04:48.121
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 4007.98 MB
Available physical RAM: 1986.14 MB
Total Virtual: 8014.17 MB
Available Virtual: 5913.27 MB

==================== Drives ================================

Drive c: (TI106303W0D) (Fixed) (Total:281.52 GB) (Free:175.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: B1D21E96)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=281.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of log ============================

#7
Missemily

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Dad (2015-07-29 19:22:10) Run:1
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & Spencer)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-15] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-15] (
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
Task: {EC6E9A8A-AD51-48ED-ABAF-00C512A00579} - \EPUpdater No Task File <==== ATTENTION
Task: {EE8C4C16-54CC-4F62-B308-E912116F2838} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-15] (Enigma Software Group USA, LLC.)
Task: {F159397C-A597-499A-95B9-03D9FA806E8F} - \iWebar-enabler No Task File <==== ATTENTION
Task: {F2144DF2-940E-441E-A6A2-B67F8B8A100F} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {CEA497F7-8077-4CA4-A9D4-4584496F5F5C} - \AmiUpdXp No Task File <==== ATTENTION
Task: {DE98CE31-8674-4042-9C46-8814797156F8} - \Updater26278.exe No Task File <==== ATTENTION
Task: {E46123AB-0235-4EB8-B63D-1C8D5A2E7B5E} - \Dealply No Task File <==== ATTENTION
Task: {5763F4F5-57C1-41CB-BB35-74D776753975} - \RegClean Pro No Task File <==== ATTENTION
Task: {69A0F68A-EAE2-43AE-8812-7E4FD6F40404} - \Funmoods No Task File <==== ATTENTION
Task: {7D957EA3-C287-4F7C-BDC0-D15C11C46DE7} - \iWebar-codedownloader No Task File <==== ATTENTION
Task: {977CE999-149C-4B05-804D-E8BFD5DF28B9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {9D24A265-E37F-4EE3-817F-E9260F4C30BF} - \iWebar-updater No Task File <==== ATTENTION
Task: {B0F49BFF-E753-41D6-82D7-C3FF10088E1B} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {BE657BB7-1A28-4212-9083-C5B3D8CEB3C3} - System32\Tasks\{934354F8-379E-4195-83E6-B24284286D69} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {189240AE-E38D-41BE-B6F8-B3429C122F3E} - \iWebar-chromeinstaller No Task File <==== ATTENTION
Task: {1A7919E5-15D2-463D-9A7A-B2F3D604DBAE} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3050439D-087A-4D89-B172-A074AD3C6583} - \iWebar-firefoxinstaller No Task File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2532736474-479128405-2498110611-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> "C:\Users\Dad\AppData\Local\Conduit\ValueApps\IE\64\ValueApps.exe" No File
C:\Users\Dad\AppData\Local\Conduit
2015-06-08 13:45 - 2015-06-21 15:54 - 0000024 _____ () C:\Users\Dad\AppData\Roaming\appdataFr25.bin
2015-04-23 19:00 - 2015-05-12 19:23 - 0000020 _____ () C:\Users\Dad\AppData\Roaming\appdataFr3.bin
2015-07-15 19:04 - 2015-03-27 16:59 - 00000000 ____D C:\Program Files (x86)\IndepthFunc
2015-07-20 20:44 - 2015-03-27 16:56 - 00000000 ____D C:\ProgramData\{3d0b09bd-2b90-6605-3d0b-b09bd2b926f4}
2015-07-28 21:19 - 2015-04-16 21:14 - 00000000 ____D C:\ProgramData\coupcoup
2015-07-28 21:19 - 2015-04-01 21:24 - 00000000 ____D C:\ProgramData\BlockIt Ad remover
2015-07-28 21:19 - 2013-02-25 17:37 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Funmoods
2015-07-15 19:01 - 2015-07-20 17:57 - 00000024 _____ C:\Users\Spencer\AppData\Roaming\appdataFr25.bin
2015-07-15 19:44 - 2015-07-15 19:44 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2015-07-15 19:44 - 2015-07-15 19:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-15 19:39 - 2015-07-15 19:41 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Spencer\Desktop\SpyHunter-Installer.exe
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\sh4ldr
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 _____ C:\autoexec.bat
2015-07-15 19:45 - 2015-07-15 19:45 - 00003330 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2015-07-15 19:45 - 2015-07-15 19:45 - 00001098 _____ C:\Users\Spencer\Desktop\SpyHunter.lnk
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-07-15 19:45 - 2015-07-15 19:45 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\Enigma Software Group
2015-07-15 20:29 - 2015-07-15 20:29 - 00000000 ____D C:\Users\Spencer\AppData\Roaming\java
2015-07-16 15:45 - 2015-07-20 20:14 - 00000000 ____D C:\Program Files (x86)\TampaEdit
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
C:\Program Files\Enigma Software Group
FF user.js: detected! => C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default\user.js [2014-04-01]
Toolbar: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol....kusaolp00000800
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> DefaultScope {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2532736474-479128405-2498110611-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
*****************

Processes closed successfully.
SpyHunter 4 Service => service removed successfully
esgiguard => service removed successfully
EsgScanner => service removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC6E9A8A-AD51-48ED-ABAF-00C512A00579}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC6E9A8A-AD51-48ED-ABAF-00C512A00579}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE8C4C16-54CC-4F62-B308-E912116F2838}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE8C4C16-54CC-4F62-B308-E912116F2838}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F159397C-A597-499A-95B9-03D9FA806E8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F159397C-A597-499A-95B9-03D9FA806E8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-enabler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2144DF2-940E-441E-A6A2-B67F8B8A100F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2144DF2-940E-441E-A6A2-B67F8B8A100F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEA497F7-8077-4CA4-A9D4-4584496F5F5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEA497F7-8077-4CA4-A9D4-4584496F5F5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE98CE31-8674-4042-9C46-8814797156F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE98CE31-8674-4042-9C46-8814797156F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E46123AB-0235-4EB8-B63D-1C8D5A2E7B5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E46123AB-0235-4EB8-B63D-1C8D5A2E7B5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5763F4F5-57C1-41CB-BB35-74D776753975}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5763F4F5-57C1-41CB-BB35-74D776753975}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69A0F68A-EAE2-43AE-8812-7E4FD6F40404}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69A0F68A-EAE2-43AE-8812-7E4FD6F40404}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D957EA3-C287-4F7C-BDC0-D15C11C46DE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D957EA3-C287-4F7C-BDC0-D15C11C46DE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-codedownloader" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{977CE999-149C-4B05-804D-E8BFD5DF28B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{977CE999-149C-4B05-804D-E8BFD5DF28B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D24A265-E37F-4EE3-817F-E9260F4C30BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D24A265-E37F-4EE3-817F-E9260F4C30BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0F49BFF-E753-41D6-82D7-C3FF10088E1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0F49BFF-E753-41D6-82D7-C3FF10088E1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE657BB7-1A28-4212-9083-C5B3D8CEB3C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE657BB7-1A28-4212-9083-C5B3D8CEB3C3}" => key removed successfully
C:\Windows\System32\Tasks\{934354F8-379E-4195-83E6-B24284286D69} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{934354F8-379E-4195-83E6-B24284286D69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{189240AE-E38D-41BE-B6F8-B3429C122F3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{189240AE-E38D-41BE-B6F8-B3429C122F3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-chromeinstaller" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A7919E5-15D2-463D-9A7A-B2F3D604DBAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A7919E5-15D2-463D-9A7A-B2F3D604DBAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3050439D-087A-4D89-B172-A074AD3C6583}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3050439D-087A-4D89-B172-A074AD3C6583}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-firefoxinstaller" => key removed successfully
"HKU\S-1-5-21-2532736474-479128405-2498110611-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}" => key removed successfully
"C:\Users\Dad\AppData\Local\Conduit" => File/Folder not found.
C:\Users\Dad\AppData\Roaming\appdataFr25.bin => moved successfully.
C:\Users\Dad\AppData\Roaming\appdataFr3.bin => moved successfully.
C:\Program Files (x86)\IndepthFunc => moved successfully.
C:\ProgramData\{3d0b09bd-2b90-6605-3d0b-b09bd2b926f4} => moved successfully.
C:\ProgramData\coupcoup => moved successfully.
C:\ProgramData\BlockIt Ad remover => moved successfully.
C:\Users\Dad\AppData\Roaming\Funmoods => moved successfully.
C:\Users\Spencer\AppData\Roaming\appdataFr25.bin => moved successfully.
C:\windows\system32\Drivers\EsgScanner.sys => moved successfully.
C:\Program Files\Enigma Software Group => moved successfully.
C:\Users\Spencer\Desktop\SpyHunter-Installer.exe => moved successfully.
C:\sh4ldr => moved successfully.
C:\autoexec.bat => moved successfully.
"C:\windows\System32\Tasks\SpyHunter4Startup" => File/Folder not found.
C:\Users\Spencer\Desktop\SpyHunter.lnk => moved successfully.
C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter => moved successfully.
C:\Users\Spencer\AppData\Roaming\Enigma Software Group => moved successfully.
C:\Users\Spencer\AppData\Roaming\java => moved successfully.
C:\Program Files (x86)\TampaEdit => moved successfully.
AppMgmt => service removed successfully
gfiark => service removed successfully
gfiutil => service removed successfully
"C:\Program Files\Enigma Software Group" => File/Folder not found.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\my844vf8.default\user.js => moved successfully.
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\Wow6432Node\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found.
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2532736474-479128405-2498110611-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB664957-89B6-478F-AD5E-1E4AFE3D4EB0}" => key removed successfully
HKCR\CLSID\{CB664957-89B6-478F-AD5E-1E4AFE3D4EB0} => key not found.
"HKU\S-1-5-21-2532736474-479128405-2498110611-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2532736474-479128405-2498110611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {4E448082-B8AE-4F05-80D7-D949CFDE9FB3}.
Unable to cancel {43D33A3E-153F-422B-A257-166396D23E38}.
Unable to cancel {28DFFC77-260C-4070-9C43-42B74BB92A88}.
Unable to cancel {5A35EE0D-F258-4E69-A87C-555946C558A6}.
{EE00D49F-A615-48F1-9B15-E0C00A88A077} canceled.
{2AF6CDAF-A367-4678-B875-580F8DEE551A} canceled.
{F6421831-C8F7-459E-9DBD-E8D5A74F7F96} canceled.
{A70D3490-CA8C-4661-AF9E-8EC9F314ACFC} canceled.
{D681E888-A671-479E-9584-D681D4214889} canceled.
{3A512627-75F0-453D-A48A-A999CE79A64E} canceled.
6 out of 10 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========

EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:22:46 ====

#8
Missemily

    Member

  • Topic Starter
It seems the computer is back to its usual self. Unfortunately, it is leaving today to go back home with its owner.

My son thanks you for taking the time to help him get his dad's computer fixed.

If there is anything more that needs to be done other than another good lecture about downloading programs that you don't know what they are and about never turning off the antivirus to do so, please reply and I will work with his dad to get it done.

Thanks :)

#9
Pyxis

    Trusted Helper

  • Malware Removal
That sounds good to hear! I actually needed fresh FRST logs to see whether we have already cleaned everything... you seem to have accidentally posted the old ones. If you can generate new ones for me, that would be great. :)

#10
Pyxis

    Trusted Helper

  • Malware Removal
Since this issue appears to be resolved, this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a new topic.