erinpaige Posted July 18, 2014 ID:854211 Share Posted July 18, 2014 Can someone please help me? We have lots of chrome.exe*32 and other .exe*32. I've downloaded AVG and Malwarebytes that looked like they got rid of some things but it is still on all the processes and every time we connect through the internet through our cable wi-fi it slows everything waaay down. Funnily enough, we can connect through our verizon jetpack with no problem, even though all the .exe*32s still show up. Can someone help? My next step is to save everything to discs and wipe it clean to factory settings. Link to post Share on other sites More sharing options...
erinpaige Posted July 20, 2014 Author ID:855552 Share Posted July 20, 2014 Is anyone able to help me with this? I can't get rid of the malware. Please offer assistance. Thanks so much! Link to post Share on other sites More sharing options...
deeprybka Posted July 21, 2014 ID:855777 Share Posted July 21, 2014 Hi & My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1 Please run a FRST scan. This will help us diagnose your problem. Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
erinpaige Posted July 21, 2014 Author ID:855977 Share Posted July 21, 2014 Log from FRST: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014Ran by Owner at 2014-07-21 19:41:42Running from C:\Users\Owner\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) HiddenApple Application Support (HKLM-x32\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)Ask Toolbar for Epson (HKLM-x32\...\{45504E56-3634-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5424 - APN, LLC) <==== ATTENTIONAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)ATI Catalyst Install Manager (HKLM\...\{5792CD64-61B4-C448-0D22-3C51DD73AB2A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)AVG 2014 (Version: 14.0.3986 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4744 - AVG Technologies) HiddenAVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.6 - AVG Technologies)Best Buy pc app (Version: 3.0.0.0 - Best Buy) HiddenBonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hiddenccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hiddenccc-utility64 (Version: 2010.0315.1050.17562 - ATI) HiddenCisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDiamond Mind Baseball version 10 (HKLM-x32\...\Diamond Mind Baseball version 10) (Version: 10 - Diamond Mind, Inc.)DMB version 10a patch (HKLM-x32\...\DMB version 10a patch) (Version: 10a - Diamond Mind, Inc.)Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddeniTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) HiddenLeapFrog My Pals Plugin (x32 Version: 4.2.9.15649 - LeapFrog) HiddenLeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) HiddenLexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MotoHelper 2.1.40 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.40 - Motorola)MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) HiddenMotorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) HiddenMozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) HiddenSkype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) HiddenTOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)TOSHIBA eco Utility (Version: 1.2.7.64 - TOSHIBA Corporation) HiddenTOSHIBA eco Utility (x32 Version: 1.2.7.64 - TOSHIBA Corporation) HiddenTOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) HiddenTOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )TOSHIBA Hardware Setup (Version: 4.03.02.00 - TOSHIBA) HiddenTOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) HiddenTOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) HiddenTOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.6.05.64 - TOSHIBA Corporation) HiddenTOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )TOSHIBA Supervisor Password (Version: 4.03.02.00 - TOSHIBA) HiddenTOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.2.64 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.3.2.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.3.2.64 - TOSHIBA Corporation) HiddenTOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VMware View Client (HKLM\...\{70C29540-5625-443D-BC4F-6D0C763F44C8}) (Version: 4.6.0.366101 - VMware, Inc.)War2Combat version 3.15 (HKLM-x32\...\War2Combat_is1) (Version: 3.15 - War2 RU Admins)Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC) ==================== Restore Points ========================= 07-07-2014 04:29:19 Windows Update11-07-2014 01:12:14 Windows Update11-07-2014 03:49:09 Windows Update12-07-2014 06:11:40 Windows Update12-07-2014 17:03:00 Windows Update13-07-2014 21:17:23 Windows Update14-07-2014 04:15:32 Windows Update15-07-2014 04:38:48 Windows Update16-07-2014 01:04:02 Windows Update16-07-2014 02:12:14 Installed AVG 201416-07-2014 02:12:57 Installed AVG 201416-07-2014 04:53:11 Windows Update17-07-2014 04:14:32 Windows Update19-07-2014 01:39:41 Windows Update19-07-2014 02:52:42 Windows Update20-07-2014 05:34:22 Windows Update21-07-2014 04:30:38 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2011-05-22 17:05 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0409A1E2-BA6C-4984-A381-A3C11819B00F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)Task: {17D15337-C682-45C1-8CF4-F854DB3D8155} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)Task: {2651E268-08E9-40E0-81E6-3DA7A21737B9} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {3702F7EB-6DA3-41FE-A05D-BB46C1DC5E12} - System32\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {3A1B607A-5A60-4E97-B856-1E516335CAAF} - System32\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {460A3B3F-80BA-44B7-9A6E-15377179A22C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {6F676728-0A6D-4512-B4AD-95E5426FF69D} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {70036A4B-A5E3-4584-BE0E-A492CD5324BC} - System32\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {85AD9731-CA23-4080-B1B0-E5A7F83722A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)Task: {86EF6F4E-C5EE-4642-8098-68B98D001686} - System32\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {A142736D-435A-4730-A8E0-F3F7BF2D290E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-18] (Google Inc.)Task: {A46E0F6D-CAFB-4C8C-BC23-F5FDC74EA0F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-18] (Google Inc.)Task: {D24E8ED2-CF1C-49CA-B723-2018802C22CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-02-01 17:55 - 2012-02-01 17:55 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe2010-03-03 17:15 - 2010-03-03 17:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll2010-07-18 21:25 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll2012-02-01 17:55 - 2012-02-01 17:55 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe2014-07-17 20:17 - 2014-07-17 20:16 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe2013-12-08 18:30 - 2013-11-24 13:56 - 03139072 _____ () C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe2014-07-17 20:17 - 2014-07-17 20:16 - 02575384 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe2009-10-13 13:00 - 2009-10-13 13:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2010-09-10 07:30 - 2010-09-10 07:30 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2010-11-21 15:07 - 2010-09-22 14:41 - 00539744 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\ziptv06.dll2010-11-21 15:07 - 2010-09-22 14:41 - 00419192 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\LockBox.dll2014-07-17 20:17 - 2014-07-17 20:16 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\log4cplusU.dll2011-03-21 17:30 - 2011-03-21 17:30 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-18 22:24 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-18 22:24 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-18 22:24 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-18 22:24 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-18 22:24 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Owner\Downloads\noname (1).eml:OECustomPropertyAlternateDataStreams: C:\Users\Owner\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/20/2014 09:14:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/20/2014 09:14:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/20/2014 00:12:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/20/2014 00:12:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/19/2014 11:00:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/19/2014 11:00:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/19/2014 10:19:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/19/2014 10:19:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/19/2014 09:20:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/19/2014 09:20:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. System errors:=============Error: (07/21/2014 00:32:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service. Error: (07/21/2014 00:31:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/20/2014 01:35:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/18/2014 10:53:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/18/2014 09:42:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/17/2014 00:15:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service. Error: (07/17/2014 00:15:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/16/2014 00:53:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/15/2014 09:59:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Ask Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/15/2014 09:04:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Microsoft Office Sessions:=========================Error: (07/20/2014 09:14:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/20/2014 09:14:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/20/2014 00:12:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/20/2014 00:12:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/19/2014 11:00:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/19/2014 11:00:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/19/2014 10:19:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/19/2014 10:19:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/19/2014 09:20:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/19/2014 09:20:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors:=================================== Date: 2013-11-03 15:53:09.231 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.227 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.222 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.193 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.184 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.872 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.807 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.554 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 61%Total physical RAM: 2810.9 MBAvailable physical RAM: 1072.67 MBTotal Pagefile: 5619.98 MBAvailable Pagefile: 3344.73 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (TI105949W0C) (Fixed) (Total:286.57 GB) (Free:184.56 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 4A473AB0)Partition 1: (Active) - (Size=1 GB) - (Type=27)Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=10 GB) - (Type=17) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
erinpaige Posted July 21, 2014 Author ID:855978 Share Posted July 21, 2014 And here is initial one (additional one was pasted first) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014Ran by Owner (administrator) on OWNER-PC on 21-07-2014 19:40:38Running from C:\Users\Owner\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe( ) C:\Windows\System32\lxczcoms.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe() C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] => [X]HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NTHKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-18] (APN)HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exeHKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575384 2014-07-17] ()HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-19] (Google Inc.)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [Amazon Cloud Player] => C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: H - H:\TL-Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {2b93059a-6353-11e1-b05a-60eb693fb36f} - E:\MotoCastSetup.exe -aHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {3e725b56-9181-11e1-b0c8-60eb693fb36f} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {85334b43-42e2-11e0-bb1a-60eb693fb36f} - E:\TL-Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {b58712ed-e7e6-11e1-8a36-60eb693fb36f} - E:\MotoCastSetup.exe -aHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {b65e6f9d-5b0e-11e2-8603-60eb693fb36f} - F:\iLinker.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {dcb488a7-49a1-11e3-82cc-60eb693fb36f} - E:\TL_Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {df07aa66-244c-11e2-adb1-60eb693fb36f} - E:\TL-Bootstrap.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50SearchScopes: HKLM - DefaultScope {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM-x32 - DefaultScope {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}SearchScopes: HKCU - {3CA04391-9CA5-4000-8DA5-E1AE9DE85A84} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS407US408SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid=&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=us&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms}SearchScopes: HKCU - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = SearchScopes: HKCU - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll (AVG Secure Search)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.defaultFF DefaultSearchEngine: Conduit SearchFF SelectedSearchEngine: Conduit SearchFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.1.0\\npsitesafety.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.default\searchplugins\safeguard-secure-search.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xmlFF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpiFF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: =======CHR HomePage: https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp CHR StartupUrls: "https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp" CHR DefaultSearchKeyword: mysearch.avg.comCHR DefaultSearchURL: https://mysearch.avg.com/search?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=dsp&q={searchTerms} CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]CHR Extension: (McAfee Security Scan+) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-21]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-14]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]CHR HKLM-x32\...\Chrome\Extension: [aaaakabcghbhlohjjnonbaadlhlkhaob] - C:\ProgramData\AskPartnerNetwork\Toolbar\EPNV64\CRX\ToolbarCR.crx [2014-04-08] ==================== Services (Whitelisted) ================= R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-18] (APN LLC.)S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 lxcz_device; C:\windows\system32\lxczcoms.exe [566192 2007-04-19] ( )R2 lxcz_device; C:\windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]R2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-17] (AVG Secure Search)R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3872776 2010-09-22] (Webroot Software, Inc. (www.webroot.com)) ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-07-17] (AVG Technologies)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-07-05] (LeapFrog)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [55360 2010-06-17] (Webroot Software, Inc. (www.webroot.com))R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2010-06-17] (Webroot Software, Inc. (www.webroot.com))S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 19:40 - 2014-07-21 19:40 - 02090496 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-21 19:36 - 2014-07-21 19:41 - 00026580 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-21 19:35 - 2014-07-21 19:40 - 00000000 ____D () C:\FRST2014-07-21 19:34 - 2014-07-21 19:34 - 01080320 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe2014-07-20 22:34 - 2014-07-20 22:35 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-17 20:18 - 2014-07-18 21:42 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar2014-07-17 20:18 - 2014-07-18 21:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:16 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:17 - 2014-07-17 20:18 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-16 22:13 - 2014-07-17 00:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-16 22:12 - 2014-07-17 00:13 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:11 - 2014-07-16 22:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:09 - 2014-07-16 22:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 20:42 - 2014-07-16 21:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:40 - 2014-07-17 20:12 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-16 20:40 - 2014-07-16 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-07-16 20:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-07-16 20:39 - 2014-07-16 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:38 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:14 - 2014-07-15 22:15 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ___HD () C:\$AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:03 - 2014-07-15 22:04 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:54 - 2014-07-11 23:56 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-10 22:54 - 2014-07-10 22:55 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-10 21:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-07-10 21:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-07-10 21:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-07-10 21:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-07-10 21:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-07-10 21:28 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-07-10 21:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-07-10 21:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-07-10 21:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-07-10 21:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-07-10 21:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-07-10 21:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-07-10 21:28 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-07-10 21:28 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-07-10 21:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-07-10 21:27 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-07-10 21:27 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-07-10 21:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-07-10 21:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-07-10 21:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-07-10 21:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-07-10 21:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-07-10 21:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-07-10 21:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-07-10 21:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-07-10 21:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-07-10 21:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-07-10 21:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-07-10 21:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-07-10 21:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-07-10 21:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-07-10 21:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-07-10 21:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-07-10 21:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-07-10 21:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-07-10 21:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-07-10 21:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-07-10 21:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-07-10 21:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-07-10 21:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-07-10 21:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-07-10 21:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-07-10 21:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-07-10 21:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-07-10 21:27 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe2014-07-10 21:27 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe2014-07-10 21:27 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-07-10 21:27 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll2014-07-10 21:27 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-07-10 21:27 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2014-07-10 21:23 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-07-10 21:23 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2014-07-10 21:23 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2014-07-09 00:33 - 2014-07-09 00:34 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:41 - 2014-07-08 23:52 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:37 - 2014-07-08 23:38 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:19 - 2014-07-08 21:20 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-06 22:26 - 2014-07-06 22:27 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:28 - 2014-07-05 22:29 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:24 - 2014-07-03 18:25 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:04 - 2014-06-25 21:13 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 20142014-06-25 20:59 - 2014-06-25 21:27 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning2014-06-23 22:32 - 2014-06-23 22:33 - 03669818 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (10).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 ____N () C:\Users\Owner\Downloads\IBC14_0622 (1).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 _____ () C:\Users\Owner\Downloads\IBC14_0622.zip2014-06-22 14:50 - 2014-07-08 19:58 - 00000000 ____D () C:\Users\Owner\Desktop\htconem8photos ==================== One Month Modified Files and Folders ======= 2014-07-21 19:41 - 2014-07-21 19:36 - 00026580 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-21 19:40 - 2014-07-21 19:40 - 02090496 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-21 19:40 - 2014-07-21 19:35 - 00000000 ____D () C:\FRST2014-07-21 19:38 - 2010-09-10 07:29 - 01431158 _____ () C:\windows\WindowsUpdate.log2014-07-21 19:34 - 2014-07-21 19:34 - 01080320 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe2014-07-21 19:29 - 2014-03-03 22:55 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-21 19:29 - 2014-03-03 22:55 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-21 19:29 - 2013-12-13 22:44 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-21 19:29 - 2013-12-13 22:44 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-21 19:29 - 2012-09-03 19:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job2014-07-21 19:29 - 2012-03-30 19:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-07-21 19:29 - 2010-07-18 21:28 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-21 19:29 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp2014-07-21 18:13 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-21 18:13 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-21 18:10 - 2012-10-10 22:04 - 00000000 ____D () C:\ProgramData\MFAData2014-07-21 18:05 - 2011-02-28 00:17 - 00000000 ____D () C:\Temp2014-07-21 18:04 - 2010-07-18 21:28 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-21 18:04 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-07-21 18:04 - 2009-07-14 00:51 - 00119774 _____ () C:\windows\setupact.log2014-07-20 22:39 - 2012-01-29 22:43 - 00000000 ____D () C:\dmb102014-07-20 22:35 - 2014-07-20 22:34 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-20 22:32 - 2012-09-03 19:34 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job2014-07-20 21:14 - 2009-07-14 01:13 - 00006454 _____ () C:\windows\system32\PerfStringBackup.INI2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-18 21:42 - 2014-07-17 20:18 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar2014-07-18 21:38 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:17 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-17 20:16 - 2014-07-17 20:18 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:12 - 2014-07-16 20:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-17 20:07 - 2010-07-18 21:36 - 00342838 _____ () C:\windows\PFRO.log2014-07-17 00:13 - 2014-07-16 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-17 00:13 - 2014-07-16 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:12 - 2014-07-16 22:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:10 - 2014-07-16 22:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 21:50 - 2014-07-16 20:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 21:49 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF2014-07-16 21:24 - 2010-07-18 21:30 - 00000000 ____D () C:\windows\PCHEALTH2014-07-16 21:22 - 2014-04-27 01:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\systweak2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:41 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:39 - 2014-07-16 20:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-16 20:30 - 2009-07-14 01:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-07-16 00:52 - 2010-11-29 23:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client2014-07-15 22:55 - 2014-07-15 22:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:15 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ___HD () C:\$AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:03 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:56 - 2014-07-11 23:54 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-11 20:36 - 2009-07-14 00:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT2014-07-11 20:34 - 2014-05-07 00:07 - 00000000 ___SD () C:\windows\system32\CompatTel2014-07-11 20:34 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism2014-07-10 23:54 - 2013-07-21 10:43 - 00000000 ____D () C:\windows\system32\MRT2014-07-10 23:52 - 2010-11-20 23:02 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-07-10 22:55 - 2014-07-10 22:54 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-09 00:34 - 2014-07-09 00:33 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:52 - 2014-07-08 23:41 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:38 - 2014-07-08 23:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:20 - 2014-07-08 21:19 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-08 21:07 - 2012-03-30 19:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 21:07 - 2012-03-30 19:35 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-07-08 21:07 - 2011-09-23 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 19:58 - 2014-06-22 14:50 - 00000000 ____D () C:\Users\Owner\Desktop\htconem8photos2014-07-06 22:27 - 2014-07-06 22:26 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:29 - 2014-07-05 22:28 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:25 - 2014-07-03 18:24 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-29 22:09 - 2014-07-10 21:27 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-10 21:27 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:27 - 2014-06-25 20:59 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning2014-06-25 21:13 - 2014-06-25 21:04 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 20142014-06-23 22:33 - 2014-06-23 22:32 - 03669818 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (10).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 ____N () C:\Users\Owner\Downloads\IBC14_0622 (1).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 _____ () C:\Users\Owner\Downloads\IBC14_0622.zip2014-06-22 00:14 - 2010-07-18 21:28 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-22 00:14 - 2010-07-18 21:28 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP:====================C:\Users\Owner\AppData\Local\Temp\avguidx.dllC:\Users\Owner\AppData\Local\Temp\CommonInstaller.exeC:\Users\Owner\AppData\Local\Temp\contentDATs.exeC:\Users\Owner\AppData\Local\Temp\jna1055410394220127404.dllC:\Users\Owner\AppData\Local\Temp\jna1073645731335081262.dllC:\Users\Owner\AppData\Local\Temp\jna1089234737564245298.dllC:\Users\Owner\AppData\Local\Temp\jna1265585676370952990.dllC:\Users\Owner\AppData\Local\Temp\jna127990445597468992.dllC:\Users\Owner\AppData\Local\Temp\jna1301368914540418725.dllC:\Users\Owner\AppData\Local\Temp\jna1338255137550711605.dllC:\Users\Owner\AppData\Local\Temp\jna1345494521560818300.dllC:\Users\Owner\AppData\Local\Temp\jna1348819289547376096.dllC:\Users\Owner\AppData\Local\Temp\jna1378459675680451388.dllC:\Users\Owner\AppData\Local\Temp\jna1408599061591347508.dllC:\Users\Owner\AppData\Local\Temp\jna1413721975258181491.dllC:\Users\Owner\AppData\Local\Temp\jna141657952164498110.dllC:\Users\Owner\AppData\Local\Temp\jna1496030830005005658.dllC:\Users\Owner\AppData\Local\Temp\jna1513459348249238754.dllC:\Users\Owner\AppData\Local\Temp\jna1524673651164537592.dllC:\Users\Owner\AppData\Local\Temp\jna1574467497722601740.dllC:\Users\Owner\AppData\Local\Temp\jna1580603678852781161.dllC:\Users\Owner\AppData\Local\Temp\jna1645965475949323265.dllC:\Users\Owner\AppData\Local\Temp\jna1656081241826479993.dllC:\Users\Owner\AppData\Local\Temp\jna1716538426897664777.dllC:\Users\Owner\AppData\Local\Temp\jna1767313942489924967.dllC:\Users\Owner\AppData\Local\Temp\jna1801867979433279340.dllC:\Users\Owner\AppData\Local\Temp\jna1815283812764045204.dllC:\Users\Owner\AppData\Local\Temp\jna1850960933250293754.dllC:\Users\Owner\AppData\Local\Temp\jna1867679894263075910.dllC:\Users\Owner\AppData\Local\Temp\jna191067944006807078.dllC:\Users\Owner\AppData\Local\Temp\jna1927289825285467540.dllC:\Users\Owner\AppData\Local\Temp\jna1940589474289515165.dllC:\Users\Owner\AppData\Local\Temp\jna1944614066371134996.dllC:\Users\Owner\AppData\Local\Temp\jna1970087269113460155.dllC:\Users\Owner\AppData\Local\Temp\jna2017633721869759595.dllC:\Users\Owner\AppData\Local\Temp\jna2020028590486784553.dllC:\Users\Owner\AppData\Local\Temp\jna2113559705531056055.dllC:\Users\Owner\AppData\Local\Temp\jna2137104367701114191.dllC:\Users\Owner\AppData\Local\Temp\jna2161722131168684103.dllC:\Users\Owner\AppData\Local\Temp\jna2199971991625516488.dllC:\Users\Owner\AppData\Local\Temp\jna2217530275308812001.dllC:\Users\Owner\AppData\Local\Temp\jna2229348768420652440.dllC:\Users\Owner\AppData\Local\Temp\jna2253567609384023264.dllC:\Users\Owner\AppData\Local\Temp\jna228318510833324664.dllC:\Users\Owner\AppData\Local\Temp\jna2328577765330815347.dllC:\Users\Owner\AppData\Local\Temp\jna2369314371924235151.dllC:\Users\Owner\AppData\Local\Temp\jna240548302079600137.dllC:\Users\Owner\AppData\Local\Temp\jna2418233799951787796.dllC:\Users\Owner\AppData\Local\Temp\jna2428935791446865617.dllC:\Users\Owner\AppData\Local\Temp\jna2435946527542576318.dllC:\Users\Owner\AppData\Local\Temp\jna2469959920894865431.dllC:\Users\Owner\AppData\Local\Temp\jna2509831631061981279.dllC:\Users\Owner\AppData\Local\Temp\jna2523271446376508757.dllC:\Users\Owner\AppData\Local\Temp\jna2537927882792538420.dllC:\Users\Owner\AppData\Local\Temp\jna2586768692225817985.dllC:\Users\Owner\AppData\Local\Temp\jna2594697291461913147.dllC:\Users\Owner\AppData\Local\Temp\jna2645571677015151069.dllC:\Users\Owner\AppData\Local\Temp\jna2735680648981203359.dllC:\Users\Owner\AppData\Local\Temp\jna2756681175888537788.dllC:\Users\Owner\AppData\Local\Temp\jna2827810566949453595.dllC:\Users\Owner\AppData\Local\Temp\jna2828391036122740736.dllC:\Users\Owner\AppData\Local\Temp\jna2892295468781768602.dllC:\Users\Owner\AppData\Local\Temp\jna2895870575592223102.dllC:\Users\Owner\AppData\Local\Temp\jna2895918678797225321.dllC:\Users\Owner\AppData\Local\Temp\jna2961393520522305924.dllC:\Users\Owner\AppData\Local\Temp\jna2985928321593966527.dllC:\Users\Owner\AppData\Local\Temp\jna3005641893859355318.dllC:\Users\Owner\AppData\Local\Temp\jna3027016499894709429.dllC:\Users\Owner\AppData\Local\Temp\jna3037078456381388547.dllC:\Users\Owner\AppData\Local\Temp\jna3062853685403050728.dllC:\Users\Owner\AppData\Local\Temp\jna3065867243328222421.dllC:\Users\Owner\AppData\Local\Temp\jna3069752364008478534.dllC:\Users\Owner\AppData\Local\Temp\jna307014461172785669.dllC:\Users\Owner\AppData\Local\Temp\jna3084295233232255021.dllC:\Users\Owner\AppData\Local\Temp\jna313228452834760646.dllC:\Users\Owner\AppData\Local\Temp\jna3142072920121137858.dllC:\Users\Owner\AppData\Local\Temp\jna3155038133243808512.dllC:\Users\Owner\AppData\Local\Temp\jna3164243799987185683.dllC:\Users\Owner\AppData\Local\Temp\jna3211549616934451642.dllC:\Users\Owner\AppData\Local\Temp\jna3267813023899180579.dllC:\Users\Owner\AppData\Local\Temp\jna3312013678864753244.dllC:\Users\Owner\AppData\Local\Temp\jna3396728693287280950.dllC:\Users\Owner\AppData\Local\Temp\jna3444654096113666702.dllC:\Users\Owner\AppData\Local\Temp\jna3478357878487589399.dllC:\Users\Owner\AppData\Local\Temp\jna3500833888180731504.dllC:\Users\Owner\AppData\Local\Temp\jna350130323847786012.dllC:\Users\Owner\AppData\Local\Temp\jna3577215428375015529.dllC:\Users\Owner\AppData\Local\Temp\jna3604327406098135628.dllC:\Users\Owner\AppData\Local\Temp\jna3615022425425878832.dllC:\Users\Owner\AppData\Local\Temp\jna361732402473682.dllC:\Users\Owner\AppData\Local\Temp\jna3654440175839414689.dllC:\Users\Owner\AppData\Local\Temp\jna3656584616937356981.dllC:\Users\Owner\AppData\Local\Temp\jna3709897726718360039.dllC:\Users\Owner\AppData\Local\Temp\jna3713905840728048779.dllC:\Users\Owner\AppData\Local\Temp\jna3750481549795837144.dllC:\Users\Owner\AppData\Local\Temp\jna3764312008363231733.dllC:\Users\Owner\AppData\Local\Temp\jna3772982672578239795.dllC:\Users\Owner\AppData\Local\Temp\jna3801742426493493225.dllC:\Users\Owner\AppData\Local\Temp\jna382629137699713869.dllC:\Users\Owner\AppData\Local\Temp\jna3841594382398555998.dllC:\Users\Owner\AppData\Local\Temp\jna3914893796064694303.dllC:\Users\Owner\AppData\Local\Temp\jna4022637142825171109.dllC:\Users\Owner\AppData\Local\Temp\jna4041414395083187497.dllC:\Users\Owner\AppData\Local\Temp\jna4082859652863286553.dllC:\Users\Owner\AppData\Local\Temp\jna4129255236051890007.dllC:\Users\Owner\AppData\Local\Temp\jna4134260619350896236.dllC:\Users\Owner\AppData\Local\Temp\jna4143303086466086913.dllC:\Users\Owner\AppData\Local\Temp\jna4149463184019568982.dllC:\Users\Owner\AppData\Local\Temp\jna4196481678644158245.dllC:\Users\Owner\AppData\Local\Temp\jna4199565959882591509.dllC:\Users\Owner\AppData\Local\Temp\jna4220374977280582286.dllC:\Users\Owner\AppData\Local\Temp\jna4253135213975081978.dllC:\Users\Owner\AppData\Local\Temp\jna4253400650983658442.dllC:\Users\Owner\AppData\Local\Temp\jna4268522948304728567.dllC:\Users\Owner\AppData\Local\Temp\jna4284877007224748757.dllC:\Users\Owner\AppData\Local\Temp\jna4304093955072418001.dllC:\Users\Owner\AppData\Local\Temp\jna4312919535713411569.dllC:\Users\Owner\AppData\Local\Temp\jna4324095293115301064.dllC:\Users\Owner\AppData\Local\Temp\jna4362261550043755591.dllC:\Users\Owner\AppData\Local\Temp\jna4411779524320667613.dllC:\Users\Owner\AppData\Local\Temp\jna4414700258781765186.dllC:\Users\Owner\AppData\Local\Temp\jna4428026053115852264.dllC:\Users\Owner\AppData\Local\Temp\jna4432179026936031362.dllC:\Users\Owner\AppData\Local\Temp\jna4483270876263442655.dllC:\Users\Owner\AppData\Local\Temp\jna4497347906593145865.dllC:\Users\Owner\AppData\Local\Temp\jna45577432389619273.dllC:\Users\Owner\AppData\Local\Temp\jna4561348944493028065.dllC:\Users\Owner\AppData\Local\Temp\jna4584910649214283505.dllC:\Users\Owner\AppData\Local\Temp\jna477492906712338995.dllC:\Users\Owner\AppData\Local\Temp\jna4779856219341661400.dllC:\Users\Owner\AppData\Local\Temp\jna4800010619957898710.dllC:\Users\Owner\AppData\Local\Temp\jna4835326447777631659.dllC:\Users\Owner\AppData\Local\Temp\jna4860029119200075466.dllC:\Users\Owner\AppData\Local\Temp\jna4861363463722171465.dllC:\Users\Owner\AppData\Local\Temp\jna4886612317329354315.dllC:\Users\Owner\AppData\Local\Temp\jna4912277343437799050.dllC:\Users\Owner\AppData\Local\Temp\jna4931909810819809028.dllC:\Users\Owner\AppData\Local\Temp\jna4945229504155667943.dllC:\Users\Owner\AppData\Local\Temp\jna5021525203642597194.dllC:\Users\Owner\AppData\Local\Temp\jna5034256790370779110.dllC:\Users\Owner\AppData\Local\Temp\jna5065008735481289.dllC:\Users\Owner\AppData\Local\Temp\jna5078127617711254055.dllC:\Users\Owner\AppData\Local\Temp\jna5083836432665435381.dllC:\Users\Owner\AppData\Local\Temp\jna51438985191536595.dllC:\Users\Owner\AppData\Local\Temp\jna5272732618646975287.dllC:\Users\Owner\AppData\Local\Temp\jna5302560956159052006.dllC:\Users\Owner\AppData\Local\Temp\jna5331773368275542884.dllC:\Users\Owner\AppData\Local\Temp\jna5336873960719145873.dllC:\Users\Owner\AppData\Local\Temp\jna5341790792077835722.dllC:\Users\Owner\AppData\Local\Temp\jna5344666149690115126.dllC:\Users\Owner\AppData\Local\Temp\jna5345684084140583143.dllC:\Users\Owner\AppData\Local\Temp\jna5379865247257532819.dllC:\Users\Owner\AppData\Local\Temp\jna5410436458805809943.dllC:\Users\Owner\AppData\Local\Temp\jna5516488020769079650.dllC:\Users\Owner\AppData\Local\Temp\jna558010010997087494.dllC:\Users\Owner\AppData\Local\Temp\jna5653542993109469013.dllC:\Users\Owner\AppData\Local\Temp\jna5695151716466104724.dllC:\Users\Owner\AppData\Local\Temp\jna5851357491536793185.dllC:\Users\Owner\AppData\Local\Temp\jna586920566669692761.dllC:\Users\Owner\AppData\Local\Temp\jna5884016690907365101.dllC:\Users\Owner\AppData\Local\Temp\jna5898300810310006489.dllC:\Users\Owner\AppData\Local\Temp\jna595793160003884214.dllC:\Users\Owner\AppData\Local\Temp\jna6053173396507301516.dllC:\Users\Owner\AppData\Local\Temp\jna6108004408687073315.dllC:\Users\Owner\AppData\Local\Temp\jna6108203511628226254.dllC:\Users\Owner\AppData\Local\Temp\jna6226894827182579394.dllC:\Users\Owner\AppData\Local\Temp\jna6229511218587484758.dllC:\Users\Owner\AppData\Local\Temp\jna6285616861569946725.dllC:\Users\Owner\AppData\Local\Temp\jna6291850023169026054.dllC:\Users\Owner\AppData\Local\Temp\jna6295035365988348052.dllC:\Users\Owner\AppData\Local\Temp\jna6334046092770322968.dllC:\Users\Owner\AppData\Local\Temp\jna635663741139323603.dllC:\Users\Owner\AppData\Local\Temp\jna6379538355747710084.dllC:\Users\Owner\AppData\Local\Temp\jna645814274414356079.dllC:\Users\Owner\AppData\Local\Temp\jna6515816975864405405.dllC:\Users\Owner\AppData\Local\Temp\jna6525045410228419854.dllC:\Users\Owner\AppData\Local\Temp\jna654588678970475635.dllC:\Users\Owner\AppData\Local\Temp\jna6566616626067555484.dllC:\Users\Owner\AppData\Local\Temp\jna6632756193070054768.dllC:\Users\Owner\AppData\Local\Temp\jna6667856229689338824.dllC:\Users\Owner\AppData\Local\Temp\jna6669023402398644127.dllC:\Users\Owner\AppData\Local\Temp\jna6779784740513243803.dllC:\Users\Owner\AppData\Local\Temp\jna6786850965707728957.dllC:\Users\Owner\AppData\Local\Temp\jna6821461349221561943.dllC:\Users\Owner\AppData\Local\Temp\jna6836203555943423326.dllC:\Users\Owner\AppData\Local\Temp\jna6852748717023617129.dllC:\Users\Owner\AppData\Local\Temp\jna685353392993797960.dllC:\Users\Owner\AppData\Local\Temp\jna6884692819980808954.dllC:\Users\Owner\AppData\Local\Temp\jna6921397778676949556.dllC:\Users\Owner\AppData\Local\Temp\jna694301182309012124.dllC:\Users\Owner\AppData\Local\Temp\jna6957268513071175047.dllC:\Users\Owner\AppData\Local\Temp\jna6963944392577325395.dllC:\Users\Owner\AppData\Local\Temp\jna6978106619197228332.dllC:\Users\Owner\AppData\Local\Temp\jna6988108271621434392.dllC:\Users\Owner\AppData\Local\Temp\jna7007860799504926931.dllC:\Users\Owner\AppData\Local\Temp\jna7008241526921378853.dllC:\Users\Owner\AppData\Local\Temp\jna7034558343969092770.dllC:\Users\Owner\AppData\Local\Temp\jna7060563050487800505.dllC:\Users\Owner\AppData\Local\Temp\jna7120220566127010029.dllC:\Users\Owner\AppData\Local\Temp\jna7249906907525416813.dllC:\Users\Owner\AppData\Local\Temp\jna7258860542351408454.dllC:\Users\Owner\AppData\Local\Temp\jna7296635038863415624.dllC:\Users\Owner\AppData\Local\Temp\jna731502063672682196.dllC:\Users\Owner\AppData\Local\Temp\jna7365726896964739441.dllC:\Users\Owner\AppData\Local\Temp\jna7376634990843928982.dllC:\Users\Owner\AppData\Local\Temp\jna7409958990271372215.dllC:\Users\Owner\AppData\Local\Temp\jna7410128475298463746.dllC:\Users\Owner\AppData\Local\Temp\jna7430430455485643715.dllC:\Users\Owner\AppData\Local\Temp\jna7442427099195692757.dllC:\Users\Owner\AppData\Local\Temp\jna7444490974465043941.dllC:\Users\Owner\AppData\Local\Temp\jna7467896732558879212.dllC:\Users\Owner\AppData\Local\Temp\jna7477276558307117706.dllC:\Users\Owner\AppData\Local\Temp\jna7506651533749795515.dllC:\Users\Owner\AppData\Local\Temp\jna7537813807773465182.dllC:\Users\Owner\AppData\Local\Temp\jna754422110778155529.dllC:\Users\Owner\AppData\Local\Temp\jna7551202998778283700.dllC:\Users\Owner\AppData\Local\Temp\jna7572465817287009577.dllC:\Users\Owner\AppData\Local\Temp\jna7582005285413423908.dllC:\Users\Owner\AppData\Local\Temp\jna7690641367319228898.dllC:\Users\Owner\AppData\Local\Temp\jna7698100106532435214.dllC:\Users\Owner\AppData\Local\Temp\jna7700193672020811743.dllC:\Users\Owner\AppData\Local\Temp\jna7705564435606168316.dllC:\Users\Owner\AppData\Local\Temp\jna7725289901829707056.dllC:\Users\Owner\AppData\Local\Temp\jna7734671901369106244.dllC:\Users\Owner\AppData\Local\Temp\jna7759497930355525751.dllC:\Users\Owner\AppData\Local\Temp\jna7768841162359542638.dllC:\Users\Owner\AppData\Local\Temp\jna7803515674203191796.dllC:\Users\Owner\AppData\Local\Temp\jna7807397126480674840.dllC:\Users\Owner\AppData\Local\Temp\jna7936408840488875699.dllC:\Users\Owner\AppData\Local\Temp\jna7986096234774717324.dllC:\Users\Owner\AppData\Local\Temp\jna8000422898631349852.dllC:\Users\Owner\AppData\Local\Temp\jna8067162821282140300.dllC:\Users\Owner\AppData\Local\Temp\jna8071555603912291741.dllC:\Users\Owner\AppData\Local\Temp\jna8133324460145535223.dllC:\Users\Owner\AppData\Local\Temp\jna8182213396677485942.dllC:\Users\Owner\AppData\Local\Temp\jna8210959633176675751.dllC:\Users\Owner\AppData\Local\Temp\jna8271523404728139759.dllC:\Users\Owner\AppData\Local\Temp\jna8284235807254542459.dllC:\Users\Owner\AppData\Local\Temp\jna8297680020154361726.dllC:\Users\Owner\AppData\Local\Temp\jna8316540396313167892.dllC:\Users\Owner\AppData\Local\Temp\jna833555766385676975.dllC:\Users\Owner\AppData\Local\Temp\jna8339046905114866762.dllC:\Users\Owner\AppData\Local\Temp\jna8390166455458190193.dllC:\Users\Owner\AppData\Local\Temp\jna8393855062354365697.dllC:\Users\Owner\AppData\Local\Temp\jna8396234797334622748.dllC:\Users\Owner\AppData\Local\Temp\jna8416022480737296104.dllC:\Users\Owner\AppData\Local\Temp\jna8426056621742441602.dllC:\Users\Owner\AppData\Local\Temp\jna8476986077385241060.dllC:\Users\Owner\AppData\Local\Temp\jna8484502264119813862.dllC:\Users\Owner\AppData\Local\Temp\jna8486329879967238906.dllC:\Users\Owner\AppData\Local\Temp\jna8493114186821050151.dllC:\Users\Owner\AppData\Local\Temp\jna8528085553503596366.dllC:\Users\Owner\AppData\Local\Temp\jna8531787249759903430.dllC:\Users\Owner\AppData\Local\Temp\jna8570130788753002254.dllC:\Users\Owner\AppData\Local\Temp\jna8578705908199298278.dllC:\Users\Owner\AppData\Local\Temp\jna8608661622661301450.dllC:\Users\Owner\AppData\Local\Temp\jna8617431188968661086.dllC:\Users\Owner\AppData\Local\Temp\jna8628100531392644011.dllC:\Users\Owner\AppData\Local\Temp\jna863793844727574835.dllC:\Users\Owner\AppData\Local\Temp\jna8657076799159017766.dllC:\Users\Owner\AppData\Local\Temp\jna8713991559301363775.dllC:\Users\Owner\AppData\Local\Temp\jna8716098565859953792.dllC:\Users\Owner\AppData\Local\Temp\jna8776122699420467089.dllC:\Users\Owner\AppData\Local\Temp\jna8825971730381371969.dllC:\Users\Owner\AppData\Local\Temp\jna8871640359453611492.dllC:\Users\Owner\AppData\Local\Temp\jna8875762002979259583.dllC:\Users\Owner\AppData\Local\Temp\jna8881592656392740922.dllC:\Users\Owner\AppData\Local\Temp\jna8935842394902348670.dllC:\Users\Owner\AppData\Local\Temp\jna9000047029031431415.dllC:\Users\Owner\AppData\Local\Temp\jna9015740863254145876.dllC:\Users\Owner\AppData\Local\Temp\jna9018805451120928554.dllC:\Users\Owner\AppData\Local\Temp\jna9190108094731004652.dllC:\Users\Owner\AppData\Local\Temp\jna9212377506602501615.dllC:\Users\Owner\AppData\Local\Temp\jna9217790140952977226.dllC:\Users\Owner\AppData\Local\Temp\jna947411726773802395.dllC:\Users\Owner\AppData\Local\Temp\jna949072021451394907.dllC:\Users\Owner\AppData\Local\Temp\jna979046585045349411.dllC:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\MachineIdCreator.exeC:\Users\Owner\AppData\Local\Temp\MotoCast_Installer_1.2.8.exeC:\Users\Owner\AppData\Local\Temp\oi_{E252F3E3-9D7A-4BF8-9187-B50066F28CF9}.exeC:\Users\Owner\AppData\Local\Temp\qdxnuzeg.dllC:\Users\Owner\AppData\Local\Temp\rtdrvmon.exeC:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Owner\AppData\Local\Temp\SendMsg.dllC:\Users\Owner\AppData\Local\Temp\Setup.exeC:\Users\Owner\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite10193.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite11484.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite11837.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite15498.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite17534.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite18767.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23106.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23774.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite29779.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite29985.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite32388.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite33533.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite37381.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite40506.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite43636.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite44268.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite46417.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite48242.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite48871.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite50378.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite50762.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite54897.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite55076.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite55208.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite58610.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite61463.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite62121.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite62176.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite66573.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite66840.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite68968.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite69936.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite70486.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite73246.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite76176.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite77068.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite77210.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite79026.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite79189.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite82277.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite83159.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite83789.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite84913.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite86192.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite90391.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite90848.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite93473.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite94787.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite95414.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite95823.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite95949.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite96420.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite96669.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite96914.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite98487.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite98756.dllC:\Users\Owner\AppData\Local\Temp\ToolbarInstaller.exeC:\Users\Owner\AppData\Local\Temp\Uninstall.exeC:\Users\Owner\AppData\Local\Temp\zclneq8h.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 21:40 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 22, 2014 ID:856180 Share Posted July 22, 2014 chrome.exe*32 other processes .exe*32 Hi,why do you think this is malware? Step 1Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.Copy and paste the contents of that logfile in your next reply. Step 2 Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
erinpaige Posted July 22, 2014 Author ID:856212 Share Posted July 22, 2014 Our computer was running super slow and when I pulled up the Task Manager, about half of the processes had the .exe*32 ending, which looked very odd to me. Also, each time I used Google Chrome, about 6 or 7 versions of "chrome.exe*32" would show up in Task Manager even if I only had one window open. I googled about it and ended up seeing several folks with similar problems that had a virus and/or malware. I downloaded AVG anti virus which found a worm and several other things and then Malwarebytes which also found things, but the problem has not cleared up. The internet is still extremely slow so I think there is something running in the background. I will complete the above directions as soon as I get home tonite and repost. Thank you for all your help! Link to post Share on other sites More sharing options...
deeprybka Posted July 22, 2014 ID:856220 Share Posted July 22, 2014 Thank you for all your help!You are welcome! I have also one opend chrome window. As you can see, there a many chrome-processes running... Anyway, we will check everything in depth... Link to post Share on other sites More sharing options...
erinpaige Posted July 22, 2014 Author ID:856497 Share Posted July 22, 2014 AdwCleaner: # AdwCleaner v3.216 - Report created 22/07/2014 at 19:41:23# Updated 17/07/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Owner - OWNER-PC# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** Service Deleted : APNMCP ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\ProgramData\AskPartnerNetworkFolder Deleted : C:\ProgramData\AVG Secure SearchFolder Deleted : C:\ProgramData\AVG Security ToolbarFolder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\ProgramData\VisualBeeFolder Deleted : C:\Program Files (x86)\AskPartnerNetworkFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Users\Owner\AppData\Local\BrowsersafeguardFolder Deleted : C:\Users\Owner\AppData\Local\emazeFolder Deleted : C:\Users\Owner\AppData\Local\MobogenieFolder Deleted : C:\Users\Owner\AppData\Local\PackageAwareFolder Deleted : C:\Users\Owner\AppData\Local\Temp\apnFolder Deleted : C:\Users\Owner\AppData\Roaming\SystweakFolder Deleted : C:\Users\Owner\Documents\MobogenieFolder Deleted : C:\Users\Owner\Documents\Optimizer ProFolder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedhFile Deleted : C:\Users\Owner\daemonprocess.txtFile Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exeFile Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xmlFile Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.default\searchplugins\safeguard-secure-search.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedhKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAddValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\AskPartnerNetworkKey Deleted : HKCU\Software\InstalledThirdPartyProgramsKey Deleted : HKCU\Software\systweakKey Deleted : HKCU\Software\visualbeeKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\Software\AskPartnerNetworkKey Deleted : HKLM\Software\AVG Secure SearchKey Deleted : HKLM\Software\systweakKey Deleted : HKLM\Software\visualbeeKey Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search"); -\\ Google Chrome v36.0.1985.125 [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1Deleted [search Provider] : hxxp://www.govdelivery.com/search-results?cx=002978347262224789446%3Apgkhjhnf6gu&cof=FORID%3A10&ie=UTF-8&q={searchTerms}Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}Deleted [search Provider] : hxxp://www.wayfair.com/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=trueDeleted [Extension] : booedmolknjekdopkepjjeckmjkdpfglDeleted [Extension] : bopakagnckmlgajfccecajhnimjiiedhDeleted [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [7203 octets] - [22/07/2014 19:39:54]AdwCleaner[s0].txt - [6954 octets] - [22/07/2014 19:41:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7014 octets] ########## Link to post Share on other sites More sharing options...
erinpaige Posted July 22, 2014 Author ID:856500 Share Posted July 22, 2014 I'm not sure how to start FRST with administrator privileges. I started the same way as yesterday and here is the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014Ran by Owner (administrator) on OWNER-PC on 22-07-2014 19:51:01Running from C:\Users\Owner\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe( ) C:\Windows\System32\lxczcoms.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe() C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] => [X]HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NTHKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-19] (Google Inc.)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [Amazon Cloud Player] => C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: H - H:\TL-Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {2b93059a-6353-11e1-b05a-60eb693fb36f} - E:\MotoCastSetup.exe -aHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {3e725b56-9181-11e1-b0c8-60eb693fb36f} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {85334b43-42e2-11e0-bb1a-60eb693fb36f} - E:\TL-Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {b58712ed-e7e6-11e1-8a36-60eb693fb36f} - E:\MotoCastSetup.exe -aHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {b65e6f9d-5b0e-11e2-8603-60eb693fb36f} - F:\iLinker.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {dcb488a7-49a1-11e3-82cc-60eb693fb36f} - E:\TL_Bootstrap.exeHKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\MountPoints2: {df07aa66-244c-11e2-adb1-60eb693fb36f} - E:\TL-Bootstrap.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50SearchScopes: HKLM - DefaultScope {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKLM-x32 - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}SearchScopes: HKCU - {3CA04391-9CA5-4000-8DA5-E1AE9DE85A84} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS407US408SearchScopes: HKCU - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = SearchScopes: HKCU - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.defaultFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xmlFF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpiFF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: =======CHR HomePage: https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp CHR StartupUrls: "https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp" CHR DefaultSearchKeyword: mysearch.avg.comCHR DefaultSearchProvider: AVG Secure SearchCHR DefaultSearchURL: https://mysearch.avg.com/search?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=dsp&q={searchTerms} CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-14]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]CHR HKLM-x32\...\Chrome\Extension: [aaaakabcghbhlohjjnonbaadlhlkhaob] - C:\ProgramData\AskPartnerNetwork\Toolbar\EPNV64\CRX\ToolbarCR.crx [2013-10-05] ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 lxcz_device; C:\windows\system32\lxczcoms.exe [566192 2007-04-19] ( )R2 lxcz_device; C:\windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3872776 2010-09-22] (Webroot Software, Inc. (www.webroot.com))S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-07-17] (AVG Technologies)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-07-05] (LeapFrog)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [55360 2010-06-17] (Webroot Software, Inc. (www.webroot.com))R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2010-06-17] (Webroot Software, Inc. (www.webroot.com))S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-22 19:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll2014-07-22 19:39 - 2014-07-22 19:41 - 00000000 ____D () C:\AdwCleaner2014-07-22 19:38 - 2014-07-22 19:38 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe2014-07-21 21:15 - 2014-07-21 21:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D54AAA1-D7E5-404E-9205-936F0AB5320B}2014-07-21 19:41 - 2014-07-21 19:42 - 00038865 _____ () C:\Users\Owner\Downloads\Addition.txt2014-07-21 19:40 - 2014-07-21 19:40 - 02090496 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-21 19:36 - 2014-07-22 19:51 - 00024287 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-21 19:35 - 2014-07-22 19:51 - 00000000 ____D () C:\FRST2014-07-21 19:34 - 2014-07-21 19:34 - 01080320 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe2014-07-20 22:34 - 2014-07-20 22:35 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-17 20:18 - 2014-07-18 21:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:16 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:17 - 2014-07-17 20:18 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-16 22:13 - 2014-07-17 00:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-16 22:12 - 2014-07-17 00:13 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:11 - 2014-07-16 22:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:09 - 2014-07-16 22:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 20:42 - 2014-07-16 21:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:40 - 2014-07-17 20:12 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-16 20:40 - 2014-07-16 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-07-16 20:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-07-16 20:39 - 2014-07-16 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:38 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:14 - 2014-07-15 22:15 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ___HD () C:\$AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:03 - 2014-07-15 22:04 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:54 - 2014-07-11 23:56 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-10 22:54 - 2014-07-10 22:55 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-10 21:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-07-10 21:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-07-10 21:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-07-10 21:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-07-10 21:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-07-10 21:28 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-07-10 21:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-07-10 21:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-07-10 21:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-07-10 21:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-07-10 21:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-07-10 21:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-07-10 21:28 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-07-10 21:28 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-07-10 21:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-07-10 21:27 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-07-10 21:27 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-07-10 21:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-07-10 21:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-07-10 21:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-07-10 21:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-07-10 21:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-07-10 21:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-07-10 21:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-07-10 21:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-07-10 21:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-07-10 21:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-07-10 21:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-07-10 21:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-07-10 21:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-07-10 21:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-07-10 21:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-07-10 21:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-07-10 21:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-07-10 21:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-07-10 21:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-07-10 21:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-07-10 21:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-07-10 21:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-07-10 21:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-07-10 21:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-07-10 21:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-07-10 21:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-07-10 21:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-07-10 21:27 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe2014-07-10 21:27 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe2014-07-10 21:27 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-07-10 21:27 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll2014-07-10 21:27 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-07-10 21:27 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2014-07-10 21:23 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-07-10 21:23 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2014-07-10 21:23 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2014-07-09 00:33 - 2014-07-09 00:34 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:41 - 2014-07-08 23:52 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:37 - 2014-07-08 23:38 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:19 - 2014-07-08 21:20 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-06 22:26 - 2014-07-06 22:27 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:28 - 2014-07-05 22:29 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:24 - 2014-07-03 18:25 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:04 - 2014-06-25 21:13 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 20142014-06-25 20:59 - 2014-06-25 21:27 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning2014-06-23 22:32 - 2014-06-23 22:33 - 03669818 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (10).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 ____N () C:\Users\Owner\Downloads\IBC14_0622 (1).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 _____ () C:\Users\Owner\Downloads\IBC14_0622.zip2014-06-22 14:50 - 2014-07-08 19:58 - 00000000 ____D () C:\Users\Owner\Desktop\htconem8photos ==================== One Month Modified Files and Folders ======= 2014-07-22 19:53 - 2014-07-21 19:36 - 00024287 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-22 19:52 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-22 19:52 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-22 19:51 - 2014-07-21 19:35 - 00000000 ____D () C:\FRST2014-07-22 19:44 - 2011-02-28 00:17 - 00000000 ____D () C:\Temp2014-07-22 19:44 - 2010-07-18 21:36 - 00343152 _____ () C:\windows\PFRO.log2014-07-22 19:44 - 2010-07-18 21:28 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-22 19:44 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-07-22 19:44 - 2009-07-14 00:51 - 00119886 _____ () C:\windows\setupact.log2014-07-22 19:42 - 2010-09-10 07:29 - 01475906 _____ () C:\windows\WindowsUpdate.log2014-07-22 19:41 - 2014-07-22 19:39 - 00000000 ____D () C:\AdwCleaner2014-07-22 19:41 - 2010-11-20 22:45 - 00000000 ____D () C:\Users\Owner2014-07-22 19:38 - 2014-07-22 19:38 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe2014-07-22 19:36 - 2012-09-03 19:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job2014-07-22 19:36 - 2010-07-18 21:28 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-22 19:35 - 2012-03-30 19:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-07-22 18:55 - 2014-03-03 22:55 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-22 18:55 - 2014-03-03 22:55 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-22 18:55 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp2014-07-22 18:54 - 2012-10-10 22:04 - 00000000 ____D () C:\ProgramData\MFAData2014-07-22 18:44 - 2013-12-13 22:44 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-22 18:44 - 2013-12-13 22:44 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-22 00:30 - 2010-11-29 23:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client2014-07-21 23:46 - 2012-01-29 22:43 - 00000000 ____D () C:\dmb102014-07-21 22:22 - 2012-09-03 19:34 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job2014-07-21 21:15 - 2014-07-21 21:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D54AAA1-D7E5-404E-9205-936F0AB5320B}2014-07-21 20:31 - 2009-07-14 01:13 - 00006454 _____ () C:\windows\system32\PerfStringBackup.INI2014-07-21 19:42 - 2014-07-21 19:41 - 00038865 _____ () C:\Users\Owner\Downloads\Addition.txt2014-07-21 19:40 - 2014-07-21 19:40 - 02090496 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-21 19:34 - 2014-07-21 19:34 - 01080320 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe2014-07-20 22:35 - 2014-07-20 22:34 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-18 21:38 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:17 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-17 20:16 - 2014-07-17 20:18 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:12 - 2014-07-16 20:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-17 00:13 - 2014-07-16 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-17 00:13 - 2014-07-16 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:12 - 2014-07-16 22:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:10 - 2014-07-16 22:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 21:50 - 2014-07-16 20:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 21:49 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF2014-07-16 21:24 - 2010-07-18 21:30 - 00000000 ____D () C:\windows\PCHEALTH2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:41 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:39 - 2014-07-16 20:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-16 20:30 - 2009-07-14 01:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-07-15 22:55 - 2014-07-15 22:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:15 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ___HD () C:\$AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:03 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:56 - 2014-07-11 23:54 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-11 20:36 - 2009-07-14 00:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT2014-07-11 20:34 - 2014-05-07 00:07 - 00000000 ___SD () C:\windows\system32\CompatTel2014-07-11 20:34 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism2014-07-10 23:54 - 2013-07-21 10:43 - 00000000 ____D () C:\windows\system32\MRT2014-07-10 23:52 - 2010-11-20 23:02 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-07-10 22:55 - 2014-07-10 22:54 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-09 00:34 - 2014-07-09 00:33 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:52 - 2014-07-08 23:41 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:38 - 2014-07-08 23:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:20 - 2014-07-08 21:19 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-08 21:07 - 2012-03-30 19:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 21:07 - 2012-03-30 19:35 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-07-08 21:07 - 2011-09-23 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 19:58 - 2014-06-22 14:50 - 00000000 ____D () C:\Users\Owner\Desktop\htconem8photos2014-07-06 22:27 - 2014-07-06 22:26 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:29 - 2014-07-05 22:28 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:25 - 2014-07-03 18:24 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-29 22:09 - 2014-07-10 21:27 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-10 21:27 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:27 - 2014-06-25 20:59 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning2014-06-25 21:13 - 2014-06-25 21:04 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 20142014-06-23 22:33 - 2014-06-23 22:32 - 03669818 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (10).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 ____N () C:\Users\Owner\Downloads\IBC14_0622 (1).zip2014-06-22 20:56 - 2014-06-22 20:56 - 01646446 _____ () C:\Users\Owner\Downloads\IBC14_0622.zip2014-06-22 00:14 - 2010-07-18 21:28 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-22 00:14 - 2010-07-18 21:28 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP:====================C:\Users\Owner\AppData\Local\Temp\avguidx.dllC:\Users\Owner\AppData\Local\Temp\CommonInstaller.exeC:\Users\Owner\AppData\Local\Temp\contentDATs.exeC:\Users\Owner\AppData\Local\Temp\jna1055410394220127404.dllC:\Users\Owner\AppData\Local\Temp\jna1073645731335081262.dllC:\Users\Owner\AppData\Local\Temp\jna1089234737564245298.dllC:\Users\Owner\AppData\Local\Temp\jna1265585676370952990.dllC:\Users\Owner\AppData\Local\Temp\jna127990445597468992.dllC:\Users\Owner\AppData\Local\Temp\jna1301368914540418725.dllC:\Users\Owner\AppData\Local\Temp\jna1338255137550711605.dllC:\Users\Owner\AppData\Local\Temp\jna1345494521560818300.dllC:\Users\Owner\AppData\Local\Temp\jna1348819289547376096.dllC:\Users\Owner\AppData\Local\Temp\jna1378459675680451388.dllC:\Users\Owner\AppData\Local\Temp\jna1408599061591347508.dllC:\Users\Owner\AppData\Local\Temp\jna1413721975258181491.dllC:\Users\Owner\AppData\Local\Temp\jna141657952164498110.dllC:\Users\Owner\AppData\Local\Temp\jna1496030830005005658.dllC:\Users\Owner\AppData\Local\Temp\jna1513459348249238754.dllC:\Users\Owner\AppData\Local\Temp\jna1524673651164537592.dllC:\Users\Owner\AppData\Local\Temp\jna1574467497722601740.dllC:\Users\Owner\AppData\Local\Temp\jna1580603678852781161.dllC:\Users\Owner\AppData\Local\Temp\jna1645965475949323265.dllC:\Users\Owner\AppData\Local\Temp\jna1656081241826479993.dllC:\Users\Owner\AppData\Local\Temp\jna1716538426897664777.dllC:\Users\Owner\AppData\Local\Temp\jna1767313942489924967.dllC:\Users\Owner\AppData\Local\Temp\jna1801867979433279340.dllC:\Users\Owner\AppData\Local\Temp\jna1815283812764045204.dllC:\Users\Owner\AppData\Local\Temp\jna1850960933250293754.dllC:\Users\Owner\AppData\Local\Temp\jna1867679894263075910.dllC:\Users\Owner\AppData\Local\Temp\jna191067944006807078.dllC:\Users\Owner\AppData\Local\Temp\jna1927289825285467540.dllC:\Users\Owner\AppData\Local\Temp\jna1940589474289515165.dllC:\Users\Owner\AppData\Local\Temp\jna1944614066371134996.dllC:\Users\Owner\AppData\Local\Temp\jna1970087269113460155.dllC:\Users\Owner\AppData\Local\Temp\jna2017633721869759595.dllC:\Users\Owner\AppData\Local\Temp\jna2020028590486784553.dllC:\Users\Owner\AppData\Local\Temp\jna2113559705531056055.dllC:\Users\Owner\AppData\Local\Temp\jna2137104367701114191.dllC:\Users\Owner\AppData\Local\Temp\jna2161722131168684103.dllC:\Users\Owner\AppData\Local\Temp\jna2199971991625516488.dllC:\Users\Owner\AppData\Local\Temp\jna2217530275308812001.dllC:\Users\Owner\AppData\Local\Temp\jna2229348768420652440.dllC:\Users\Owner\AppData\Local\Temp\jna2253567609384023264.dllC:\Users\Owner\AppData\Local\Temp\jna228318510833324664.dllC:\Users\Owner\AppData\Local\Temp\jna2328577765330815347.dllC:\Users\Owner\AppData\Local\Temp\jna2369314371924235151.dllC:\Users\Owner\AppData\Local\Temp\jna240548302079600137.dllC:\Users\Owner\AppData\Local\Temp\jna2418233799951787796.dllC:\Users\Owner\AppData\Local\Temp\jna2428935791446865617.dllC:\Users\Owner\AppData\Local\Temp\jna2435946527542576318.dllC:\Users\Owner\AppData\Local\Temp\jna2469959920894865431.dllC:\Users\Owner\AppData\Local\Temp\jna2509831631061981279.dllC:\Users\Owner\AppData\Local\Temp\jna2523271446376508757.dllC:\Users\Owner\AppData\Local\Temp\jna2537927882792538420.dllC:\Users\Owner\AppData\Local\Temp\jna2586768692225817985.dllC:\Users\Owner\AppData\Local\Temp\jna2594697291461913147.dllC:\Users\Owner\AppData\Local\Temp\jna2645571677015151069.dllC:\Users\Owner\AppData\Local\Temp\jna2735680648981203359.dllC:\Users\Owner\AppData\Local\Temp\jna2756681175888537788.dllC:\Users\Owner\AppData\Local\Temp\jna2827810566949453595.dllC:\Users\Owner\AppData\Local\Temp\jna2828391036122740736.dllC:\Users\Owner\AppData\Local\Temp\jna2892295468781768602.dllC:\Users\Owner\AppData\Local\Temp\jna2895870575592223102.dllC:\Users\Owner\AppData\Local\Temp\jna2895918678797225321.dllC:\Users\Owner\AppData\Local\Temp\jna2961393520522305924.dllC:\Users\Owner\AppData\Local\Temp\jna2985928321593966527.dllC:\Users\Owner\AppData\Local\Temp\jna3005641893859355318.dllC:\Users\Owner\AppData\Local\Temp\jna3027016499894709429.dllC:\Users\Owner\AppData\Local\Temp\jna3037078456381388547.dllC:\Users\Owner\AppData\Local\Temp\jna3062853685403050728.dllC:\Users\Owner\AppData\Local\Temp\jna3065867243328222421.dllC:\Users\Owner\AppData\Local\Temp\jna3069752364008478534.dllC:\Users\Owner\AppData\Local\Temp\jna307014461172785669.dllC:\Users\Owner\AppData\Local\Temp\jna3084295233232255021.dllC:\Users\Owner\AppData\Local\Temp\jna313228452834760646.dllC:\Users\Owner\AppData\Local\Temp\jna3142072920121137858.dllC:\Users\Owner\AppData\Local\Temp\jna3155038133243808512.dllC:\Users\Owner\AppData\Local\Temp\jna3164243799987185683.dllC:\Users\Owner\AppData\Local\Temp\jna3211549616934451642.dllC:\Users\Owner\AppData\Local\Temp\jna3267813023899180579.dllC:\Users\Owner\AppData\Local\Temp\jna3312013678864753244.dllC:\Users\Owner\AppData\Local\Temp\jna3396728693287280950.dllC:\Users\Owner\AppData\Local\Temp\jna3444654096113666702.dllC:\Users\Owner\AppData\Local\Temp\jna3478357878487589399.dllC:\Users\Owner\AppData\Local\Temp\jna3500833888180731504.dllC:\Users\Owner\AppData\Local\Temp\jna350130323847786012.dllC:\Users\Owner\AppData\Local\Temp\jna3577215428375015529.dllC:\Users\Owner\AppData\Local\Temp\jna3604327406098135628.dllC:\Users\Owner\AppData\Local\Temp\jna3615022425425878832.dllC:\Users\Owner\AppData\Local\Temp\jna361732402473682.dllC:\Users\Owner\AppData\Local\Temp\jna3654440175839414689.dllC:\Users\Owner\AppData\Local\Temp\jna3656584616937356981.dllC:\Users\Owner\AppData\Local\Temp\jna3709897726718360039.dllC:\Users\Owner\AppData\Local\Temp\jna3713905840728048779.dllC:\Users\Owner\AppData\Local\Temp\jna3750481549795837144.dllC:\Users\Owner\AppData\Local\Temp\jna3764312008363231733.dllC:\Users\Owner\AppData\Local\Temp\jna3772982672578239795.dllC:\Users\Owner\AppData\Local\Temp\jna3801742426493493225.dllC:\Users\Owner\AppData\Local\Temp\jna382629137699713869.dllC:\Users\Owner\AppData\Local\Temp\jna3841594382398555998.dllC:\Users\Owner\AppData\Local\Temp\jna3914893796064694303.dllC:\Users\Owner\AppData\Local\Temp\jna4022637142825171109.dllC:\Users\Owner\AppData\Local\Temp\jna4041414395083187497.dllC:\Users\Owner\AppData\Local\Temp\jna4082859652863286553.dllC:\Users\Owner\AppData\Local\Temp\jna4129255236051890007.dllC:\Users\Owner\AppData\Local\Temp\jna4134260619350896236.dllC:\Users\Owner\AppData\Local\Temp\jna4143303086466086913.dllC:\Users\Owner\AppData\Local\Temp\jna4149463184019568982.dllC:\Users\Owner\AppData\Local\Temp\jna4196481678644158245.dllC:\Users\Owner\AppData\Local\Temp\jna4199565959882591509.dllC:\Users\Owner\AppData\Local\Temp\jna4220374977280582286.dllC:\Users\Owner\AppData\Local\Temp\jna4253135213975081978.dllC:\Users\Owner\AppData\Local\Temp\jna4253400650983658442.dllC:\Users\Owner\AppData\Local\Temp\jna4268522948304728567.dllC:\Users\Owner\AppData\Local\Temp\jna4284877007224748757.dllC:\Users\Owner\AppData\Local\Temp\jna4304093955072418001.dllC:\Users\Owner\AppData\Local\Temp\jna4312919535713411569.dllC:\Users\Owner\AppData\Local\Temp\jna4324095293115301064.dllC:\Users\Owner\AppData\Local\Temp\jna4362261550043755591.dllC:\Users\Owner\AppData\Local\Temp\jna4411779524320667613.dllC:\Users\Owner\AppData\Local\Temp\jna4414700258781765186.dllC:\Users\Owner\AppData\Local\Temp\jna4428026053115852264.dllC:\Users\Owner\AppData\Local\Temp\jna4432179026936031362.dllC:\Users\Owner\AppData\Local\Temp\jna4483270876263442655.dllC:\Users\Owner\AppData\Local\Temp\jna4497347906593145865.dllC:\Users\Owner\AppData\Local\Temp\jna45577432389619273.dllC:\Users\Owner\AppData\Local\Temp\jna4561348944493028065.dllC:\Users\Owner\AppData\Local\Temp\jna4584910649214283505.dllC:\Users\Owner\AppData\Local\Temp\jna477492906712338995.dllC:\Users\Owner\AppData\Local\Temp\jna4779856219341661400.dllC:\Users\Owner\AppData\Local\Temp\jna4800010619957898710.dllC:\Users\Owner\AppData\Local\Temp\jna4835326447777631659.dllC:\Users\Owner\AppData\Local\Temp\jna4860029119200075466.dllC:\Users\Owner\AppData\Local\Temp\jna4861363463722171465.dllC:\Users\Owner\AppData\Local\Temp\jna4886612317329354315.dllC:\Users\Owner\AppData\Local\Temp\jna4912277343437799050.dllC:\Users\Owner\AppData\Local\Temp\jna4931909810819809028.dllC:\Users\Owner\AppData\Local\Temp\jna4945229504155667943.dllC:\Users\Owner\AppData\Local\Temp\jna5021525203642597194.dllC:\Users\Owner\AppData\Local\Temp\jna5034256790370779110.dllC:\Users\Owner\AppData\Local\Temp\jna5065008735481289.dllC:\Users\Owner\AppData\Local\Temp\jna5078127617711254055.dllC:\Users\Owner\AppData\Local\Temp\jna5083836432665435381.dllC:\Users\Owner\AppData\Local\Temp\jna51438985191536595.dllC:\Users\Owner\AppData\Local\Temp\jna5272732618646975287.dllC:\Users\Owner\AppData\Local\Temp\jna5302560956159052006.dllC:\Users\Owner\AppData\Local\Temp\jna5331773368275542884.dllC:\Users\Owner\AppData\Local\Temp\jna5336873960719145873.dllC:\Users\Owner\AppData\Local\Temp\jna5341790792077835722.dllC:\Users\Owner\AppData\Local\Temp\jna5344666149690115126.dllC:\Users\Owner\AppData\Local\Temp\jna5345684084140583143.dllC:\Users\Owner\AppData\Local\Temp\jna5379865247257532819.dllC:\Users\Owner\AppData\Local\Temp\jna5410436458805809943.dllC:\Users\Owner\AppData\Local\Temp\jna5516488020769079650.dllC:\Users\Owner\AppData\Local\Temp\jna558010010997087494.dllC:\Users\Owner\AppData\Local\Temp\jna5653542993109469013.dllC:\Users\Owner\AppData\Local\Temp\jna5695151716466104724.dllC:\Users\Owner\AppData\Local\Temp\jna5851357491536793185.dllC:\Users\Owner\AppData\Local\Temp\jna586920566669692761.dllC:\Users\Owner\AppData\Local\Temp\jna5884016690907365101.dllC:\Users\Owner\AppData\Local\Temp\jna5898300810310006489.dllC:\Users\Owner\AppData\Local\Temp\jna595793160003884214.dllC:\Users\Owner\AppData\Local\Temp\jna6053173396507301516.dllC:\Users\Owner\AppData\Local\Temp\jna6108004408687073315.dllC:\Users\Owner\AppData\Local\Temp\jna6108203511628226254.dllC:\Users\Owner\AppData\Local\Temp\jna6226894827182579394.dllC:\Users\Owner\AppData\Local\Temp\jna6229511218587484758.dllC:\Users\Owner\AppData\Local\Temp\jna6285616861569946725.dllC:\Users\Owner\AppData\Local\Temp\jna6291850023169026054.dllC:\Users\Owner\AppData\Local\Temp\jna6295035365988348052.dllC:\Users\Owner\AppData\Local\Temp\jna6334046092770322968.dllC:\Users\Owner\AppData\Local\Temp\jna635663741139323603.dllC:\Users\Owner\AppData\Local\Temp\jna6379538355747710084.dllC:\Users\Owner\AppData\Local\Temp\jna645814274414356079.dllC:\Users\Owner\AppData\Local\Temp\jna6515816975864405405.dllC:\Users\Owner\AppData\Local\Temp\jna6525045410228419854.dllC:\Users\Owner\AppData\Local\Temp\jna654588678970475635.dllC:\Users\Owner\AppData\Local\Temp\jna6566616626067555484.dllC:\Users\Owner\AppData\Local\Temp\jna6632756193070054768.dllC:\Users\Owner\AppData\Local\Temp\jna6667856229689338824.dllC:\Users\Owner\AppData\Local\Temp\jna6669023402398644127.dllC:\Users\Owner\AppData\Local\Temp\jna6779784740513243803.dllC:\Users\Owner\AppData\Local\Temp\jna6786850965707728957.dllC:\Users\Owner\AppData\Local\Temp\jna6821461349221561943.dllC:\Users\Owner\AppData\Local\Temp\jna6836203555943423326.dllC:\Users\Owner\AppData\Local\Temp\jna6852748717023617129.dllC:\Users\Owner\AppData\Local\Temp\jna685353392993797960.dllC:\Users\Owner\AppData\Local\Temp\jna6884692819980808954.dllC:\Users\Owner\AppData\Local\Temp\jna6921397778676949556.dllC:\Users\Owner\AppData\Local\Temp\jna694301182309012124.dllC:\Users\Owner\AppData\Local\Temp\jna6957268513071175047.dllC:\Users\Owner\AppData\Local\Temp\jna6963944392577325395.dllC:\Users\Owner\AppData\Local\Temp\jna6978106619197228332.dllC:\Users\Owner\AppData\Local\Temp\jna6988108271621434392.dllC:\Users\Owner\AppData\Local\Temp\jna7007860799504926931.dllC:\Users\Owner\AppData\Local\Temp\jna7008241526921378853.dllC:\Users\Owner\AppData\Local\Temp\jna7034558343969092770.dllC:\Users\Owner\AppData\Local\Temp\jna7060563050487800505.dllC:\Users\Owner\AppData\Local\Temp\jna7120220566127010029.dllC:\Users\Owner\AppData\Local\Temp\jna7249906907525416813.dllC:\Users\Owner\AppData\Local\Temp\jna7258860542351408454.dllC:\Users\Owner\AppData\Local\Temp\jna7296635038863415624.dllC:\Users\Owner\AppData\Local\Temp\jna731502063672682196.dllC:\Users\Owner\AppData\Local\Temp\jna7365726896964739441.dllC:\Users\Owner\AppData\Local\Temp\jna7376634990843928982.dllC:\Users\Owner\AppData\Local\Temp\jna7409958990271372215.dllC:\Users\Owner\AppData\Local\Temp\jna7410128475298463746.dllC:\Users\Owner\AppData\Local\Temp\jna7430430455485643715.dllC:\Users\Owner\AppData\Local\Temp\jna7442427099195692757.dllC:\Users\Owner\AppData\Local\Temp\jna7444490974465043941.dllC:\Users\Owner\AppData\Local\Temp\jna7467896732558879212.dllC:\Users\Owner\AppData\Local\Temp\jna7477276558307117706.dllC:\Users\Owner\AppData\Local\Temp\jna7506651533749795515.dllC:\Users\Owner\AppData\Local\Temp\jna7537813807773465182.dllC:\Users\Owner\AppData\Local\Temp\jna754422110778155529.dllC:\Users\Owner\AppData\Local\Temp\jna7551202998778283700.dllC:\Users\Owner\AppData\Local\Temp\jna7572465817287009577.dllC:\Users\Owner\AppData\Local\Temp\jna7582005285413423908.dllC:\Users\Owner\AppData\Local\Temp\jna7690641367319228898.dllC:\Users\Owner\AppData\Local\Temp\jna7698100106532435214.dllC:\Users\Owner\AppData\Local\Temp\jna7700193672020811743.dllC:\Users\Owner\AppData\Local\Temp\jna7705564435606168316.dllC:\Users\Owner\AppData\Local\Temp\jna7725289901829707056.dllC:\Users\Owner\AppData\Local\Temp\jna7734671901369106244.dllC:\Users\Owner\AppData\Local\Temp\jna7759497930355525751.dllC:\Users\Owner\AppData\Local\Temp\jna7768841162359542638.dllC:\Users\Owner\AppData\Local\Temp\jna7803515674203191796.dllC:\Users\Owner\AppData\Local\Temp\jna7807397126480674840.dllC:\Users\Owner\AppData\Local\Temp\jna7936408840488875699.dllC:\Users\Owner\AppData\Local\Temp\jna7986096234774717324.dllC:\Users\Owner\AppData\Local\Temp\jna8000422898631349852.dllC:\Users\Owner\AppData\Local\Temp\jna8067162821282140300.dllC:\Users\Owner\AppData\Local\Temp\jna8071555603912291741.dllC:\Users\Owner\AppData\Local\Temp\jna8133324460145535223.dllC:\Users\Owner\AppData\Local\Temp\jna8182213396677485942.dllC:\Users\Owner\AppData\Local\Temp\jna8210959633176675751.dllC:\Users\Owner\AppData\Local\Temp\jna8271523404728139759.dllC:\Users\Owner\AppData\Local\Temp\jna8284235807254542459.dllC:\Users\Owner\AppData\Local\Temp\jna8297680020154361726.dllC:\Users\Owner\AppData\Local\Temp\jna8316540396313167892.dllC:\Users\Owner\AppData\Local\Temp\jna833555766385676975.dllC:\Users\Owner\AppData\Local\Temp\jna8339046905114866762.dllC:\Users\Owner\AppData\Local\Temp\jna8390166455458190193.dllC:\Users\Owner\AppData\Local\Temp\jna8393855062354365697.dllC:\Users\Owner\AppData\Local\Temp\jna8396234797334622748.dllC:\Users\Owner\AppData\Local\Temp\jna8416022480737296104.dllC:\Users\Owner\AppData\Local\Temp\jna8426056621742441602.dllC:\Users\Owner\AppData\Local\Temp\jna8476986077385241060.dllC:\Users\Owner\AppData\Local\Temp\jna8484502264119813862.dllC:\Users\Owner\AppData\Local\Temp\jna8486329879967238906.dllC:\Users\Owner\AppData\Local\Temp\jna8493114186821050151.dllC:\Users\Owner\AppData\Local\Temp\jna8528085553503596366.dllC:\Users\Owner\AppData\Local\Temp\jna8531787249759903430.dllC:\Users\Owner\AppData\Local\Temp\jna8570130788753002254.dllC:\Users\Owner\AppData\Local\Temp\jna8578705908199298278.dllC:\Users\Owner\AppData\Local\Temp\jna8608661622661301450.dllC:\Users\Owner\AppData\Local\Temp\jna8617431188968661086.dllC:\Users\Owner\AppData\Local\Temp\jna8628100531392644011.dllC:\Users\Owner\AppData\Local\Temp\jna863793844727574835.dllC:\Users\Owner\AppData\Local\Temp\jna8657076799159017766.dllC:\Users\Owner\AppData\Local\Temp\jna8713991559301363775.dllC:\Users\Owner\AppData\Local\Temp\jna8716098565859953792.dllC:\Users\Owner\AppData\Local\Temp\jna8776122699420467089.dllC:\Users\Owner\AppData\Local\Temp\jna8825971730381371969.dllC:\Users\Owner\AppData\Local\Temp\jna8871640359453611492.dllC:\Users\Owner\AppData\Local\Temp\jna8875762002979259583.dllC:\Users\Owner\AppData\Local\Temp\jna8881592656392740922.dllC:\Users\Owner\AppData\Local\Temp\jna8935842394902348670.dllC:\Users\Owner\AppData\Local\Temp\jna9000047029031431415.dllC:\Users\Owner\AppData\Local\Temp\jna9015740863254145876.dllC:\Users\Owner\AppData\Local\Temp\jna9018805451120928554.dllC:\Users\Owner\AppData\Local\Temp\jna9190108094731004652.dllC:\Users\Owner\AppData\Local\Temp\jna9212377506602501615.dllC:\Users\Owner\AppData\Local\Temp\jna9217790140952977226.dllC:\Users\Owner\AppData\Local\Temp\jna947411726773802395.dllC:\Users\Owner\AppData\Local\Temp\jna949072021451394907.dllC:\Users\Owner\AppData\Local\Temp\jna979046585045349411.dllC:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Owner\AppData\Local\Temp\MachineIdCreator.exeC:\Users\Owner\AppData\Local\Temp\MotoCast_Installer_1.2.8.exeC:\Users\Owner\AppData\Local\Temp\oi_{E252F3E3-9D7A-4BF8-9187-B50066F28CF9}.exeC:\Users\Owner\AppData\Local\Temp\qdxnuzeg.dllC:\Users\Owner\AppData\Local\Temp\Quarantine.exeC:\Users\Owner\AppData\Local\Temp\rtdrvmon.exeC:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Owner\AppData\Local\Temp\SendMsg.dllC:\Users\Owner\AppData\Local\Temp\Setup.exeC:\Users\Owner\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite10193.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite11484.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite11837.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite15498.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite17534.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite18767.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23106.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23774.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite29779.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite29985.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite32388.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite33533.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite37381.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite40506.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite43636.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite44268.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite46417.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite48242.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite48871.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite50378.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite50762.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite54897.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite55076.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite55208.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite58610.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite61463.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite62121.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite62176.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite66573.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite66840.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite68968.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite69936.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite70486.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite73246.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite76176.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite77068.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite77210.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite79026.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite79189.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite82277.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite83159.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite83789.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite84913.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite86192.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite90391.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite90848.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite93473.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite94787.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite95414.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite95823.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite95949.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite96420.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite96669.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite96914.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite98487.dllC:\Users\Owner\AppData\Local\Temp\System.Data.SQLite98756.dllC:\Users\Owner\AppData\Local\Temp\ToolbarInstaller.exeC:\Users\Owner\AppData\Local\Temp\zclneq8h.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 21:40 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 23, 2014 ID:856820 Share Posted July 23, 2014 Hi, Ran by Owner (administrator) on OWNER-PC on 22-07-2014 19:51:01 Running from C:\Users\Owner\Downloads it is OK. But please run the next tool from Desktop (copy from Download to Desktop). Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt). Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer. (You can find more detailed instructions in this guide on using Combofix.) Link to post Share on other sites More sharing options...
erinpaige Posted July 23, 2014 Author ID:856986 Share Posted July 23, 2014 ComboFix 14-07-22.01 - Owner 07/23/2014 18:44:36.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.816 [GMT -4:00]Running from: c:\users\Owner\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))))..2014-07-23 22:59 . 2014-07-23 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp2014-07-22 23:41 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-07-22 23:39 . 2014-07-22 23:41 -------- d-----w- C:\AdwCleaner2014-07-21 23:35 . 2014-07-22 23:54 -------- d-----w- C:\FRST2014-07-18 00:18 . 2014-07-19 01:38 -------- d-----w- c:\users\Owner\AppData\Local\AVG Web TuneUp2014-07-18 00:18 . 2014-07-18 00:16 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2014-07-18 00:17 . 2014-07-18 00:18 -------- d-----w- c:\programdata\AVG Web TuneUp2014-07-18 00:17 . 2014-07-18 00:17 -------- d-----w- c:\program files (x86)\AVG Web TuneUp2014-07-17 02:13 . 2014-07-17 04:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-07-17 00:42 . 2014-07-23 22:39 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-07-17 00:40 . 2014-07-18 00:12 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-07-17 00:40 . 2014-07-17 00:40 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-07-17 00:40 . 2014-07-17 00:40 -------- d-----w- c:\programdata\Malwarebytes2014-07-17 00:40 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-07-17 00:40 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-07-16 02:15 . 2014-07-16 02:15 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG20142014-07-16 02:14 . 2014-07-16 02:15 -------- d-----w- c:\programdata\AVG20142014-07-16 02:14 . 2014-07-16 02:14 -------- d-----w- C:\$AVG2014-07-16 02:12 . 2014-07-16 02:12 -------- d-----w- c:\program files (x86)\AVG2014-07-16 02:04 . 2014-07-16 02:55 -------- d-----w- c:\users\Owner\AppData\Local\Avg20142014-07-12 00:45 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37965C92-145D-464E-BDC1-309D436CEE70}\mpengine.dll2014-07-11 01:23 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-07-11 01:23 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-07-11 01:23 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2014-06-30 16:43 . 2014-06-30 16:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-07-11 03:52 . 2010-11-21 03:02 96441528 ----a-w- c:\windows\system32\MRT.exe2014-07-09 01:07 . 2012-03-30 23:35 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-07-09 01:07 . 2011-09-24 02:52 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-06-17 20:21 . 2014-06-17 20:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys2014-06-17 20:07 . 2014-06-17 20:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys2014-06-17 20:06 . 2014-06-17 20:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys2014-06-17 20:06 . 2014-06-17 20:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys2014-06-17 20:06 . 2014-06-17 20:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys2014-06-17 20:06 . 2014-06-17 20:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys2014-06-17 20:06 . 2014-06-17 20:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys2014-04-25 02:34 . 2014-06-15 02:14 801280 ----a-w- c:\windows\system32\usp10.dll2014-04-25 02:06 . 2014-06-15 02:14 626688 ----a-w- c:\windows\SysWow64\usp10.dll2011-11-11 02:31 . 2011-11-11 02:29 13282121 ----a-w- c:\program files\War2Combat305.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Amazon Cloud Player"="c:\users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-11-24 3139072]"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE" [2013-01-24 297024].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]@="".R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys;c:\windows\SYSNATIVE\DRIVERS\ssfmonm.sys [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys;c:\windows\SYSNATIVE\Drivers\vmwvusb.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-07-19 02:20 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 01:07].2014-07-23 c:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-12-13 06:20].2014-07-23 c:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-12-13 06:20].2014-07-23 c:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-12-13 06:20].2014-07-23 c:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-12-13 06:20].2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28].2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28].2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 23:20].2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 23:20]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <-loopback>;192.168.*.*IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{4C93EEAE-8387-4A74-B63C-9CE870BF98E8}: DhcpNameServer = 192.168.1.1TCP: Interfaces\{4C93EEAE-8387-4A74-B63C-9CE870BF98E8}\84453463532353C46575026393022403: DhcpNameServer = 192.168.1.1TCP: Interfaces\{4C93EEAE-8387-4A74-B63C-9CE870BF98E8}\94E647562777562605F6274716C6: DhcpNameServer = 75.75.75.75 75.75.76.76FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.default\.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exeWow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEHKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exeHKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exeHKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exeHKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exeHKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exeHKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exeHKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exeHKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99, 0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:61,6a,e3,28,07,29,ce,01.[HKEY_USERS\S-1-5-21-1990790332-1153374141-1900704237-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-1990790332-1153374141-1900704237-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.14".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-07-23 19:03:57ComboFix-quarantined-files.txt 2014-07-23 23:03.Pre-Run: 197,828,497,408 bytes freePost-Run: 200,285,528,064 bytes free.- - End Of File - - 3DB4756D3D2F357CDC2BEE924269F26A5B5E648D12FCADC244C1EC30318E1EB9 Link to post Share on other sites More sharing options...
deeprybka Posted July 24, 2014 ID:857052 Share Posted July 24, 2014 Hi, Step 1 Scan with Malwarebytes AntimalwarePlease update the database by clicking on the "Update Now" button.Following the update and click "Settings" and go to "Detection and Protection"Make sure "Scan for Rootkits" is checked.Click on Dashboard, then click on Scan Now to start the scan. (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)A window with an option to view the detailed log will appear. Click on "View Detailed Log".After viewing the results, please click on the "Copy to Clipboard" button and then OK.Return to our forum. Paste your log into your next reply.Step 2 Please download the ESET Online Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start esetsmartinstaller_enu.exe with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste the content of this log file in your next reply.Note: Do not forget to re-enable your antivirus application after running the above scan! Step 3 Start FRST with administator privileges.Make sure the following option is checked: Press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from. Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
erinpaige Posted July 25, 2014 Author ID:857522 Share Posted July 25, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/24/2014Scan Time: 7:48:58 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.24.09Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Owner Scan Type: Threat ScanResult: CompletedObjects Scanned: 342984Time Elapsed: 50 min, 48 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
erinpaige Posted July 25, 2014 Author ID:857660 Share Posted July 25, 2014 C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir Win32/Bundled.Toolbar.Ask.E potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\EPNV64\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir a variant of Win32/Mobogenie.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted applicationC:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\l260stbr.default\Cache\9\3B\E1C0Ad01 JS/Toolbar.Crossrider.A potentially unwanted applicationC:\Users\Owner\Documents\APNSetup.exe Win32/Bundled.Toolbar.Ask.E potentially unsafe applicationC:\Users\Owner\Downloads\DownloadSetup.exe Win32/InstallMate.A potentially unwanted applicationC:\Users\Owner\Downloads\epson15216.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe applicationC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-EPNV64[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-EPNV64[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-EPNV64[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-EPNV64[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-EPNV64[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-EPNV64[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application Link to post Share on other sites More sharing options...
erinpaige Posted July 25, 2014 Author ID:857670 Share Posted July 25, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01Ran by Owner (administrator) on OWNER-PC on 25-07-2014 07:57:00Running from C:\Users\Owner\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe( ) C:\Windows\System32\lxczcoms.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe() C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Silverlight_x64.exe(Microsoft Corporation) C:\ec9d78b80df147fc7bc1501fb0\install.exe(Microsoft Corporation) C:\Windows\System32\msiexec.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(Microsoft Corporation) C:\Windows\Installer\MSID5A8.tmp(Microsoft Corporation) C:\Program Files\Microsoft Silverlight\5.1.30514.0\coregen.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [Amazon Cloud Player] => C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKLM-x32 - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}SearchScopes: HKCU - {3CA04391-9CA5-4000-8DA5-E1AE9DE85A84} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS407US408SearchScopes: HKCU - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = SearchScopes: HKCU - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.defaultFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xmlFF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpiFF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: =======CHR HomePage: https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp CHR StartupUrls: "https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp" CHR DefaultSearchKeyword: mysearch.avg.comCHR DefaultSearchProvider: AVG Secure SearchCHR DefaultSearchURL: https://mysearch.avg.com/search?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=dsp&q={searchTerms} CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-14]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]CHR HKLM-x32\...\Chrome\Extension: [aaaakabcghbhlohjjnonbaadlhlkhaob] - C:\ProgramData\AskPartnerNetwork\Toolbar\EPNV64\CRX\ToolbarCR.crx [2013-10-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 lxcz_device; C:\windows\system32\lxczcoms.exe [566192 2007-04-19] ( )R2 lxcz_device; C:\windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3872776 2010-09-22] (Webroot Software, Inc. (www.webroot.com))S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-07-17] (AVG Technologies)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-07-05] (LeapFrog)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [55360 2010-06-17] (Webroot Software, Inc. (www.webroot.com))R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2010-06-17] (Webroot Software, Inc. (www.webroot.com))S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 07:56 - 2014-07-25 07:56 - 00013314 _____ () C:\Users\Owner\Desktop\FRST64 - Shortcut.lnk2014-07-25 07:56 - 2014-07-25 07:56 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion2014-07-24 22:50 - 2014-07-24 22:50 - 02030424 ____N () C:\Users\Owner\Downloads\IBC14_0724.zip2014-07-24 21:32 - 2014-07-24 21:32 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-24 21:31 - 2014-07-24 21:31 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe2014-07-24 21:30 - 2014-07-24 21:30 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe2014-07-23 22:57 - 2014-07-23 22:57 - 00003009 _____ () C:\windows\baseball.INI2014-07-23 19:03 - 2014-07-23 19:03 - 00025907 _____ () C:\ComboFix.txt2014-07-23 18:41 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe2014-07-23 18:41 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe2014-07-23 18:41 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe2014-07-23 18:40 - 2014-07-23 19:04 - 00000000 ____D () C:\Qoobox2014-07-23 18:39 - 2014-07-23 19:01 - 00000000 ____D () C:\windows\erdnt2014-07-23 18:36 - 2014-07-23 18:37 - 05562024 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe2014-07-22 23:20 - 2014-07-22 23:20 - 04046619 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (20).zip2014-07-22 19:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll2014-07-22 19:39 - 2014-07-22 19:41 - 00000000 ____D () C:\AdwCleaner2014-07-22 19:38 - 2014-07-22 19:38 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe2014-07-21 21:15 - 2014-07-21 21:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D54AAA1-D7E5-404E-9205-936F0AB5320B}2014-07-21 19:41 - 2014-07-21 19:42 - 00038865 _____ () C:\Users\Owner\Downloads\Addition.txt2014-07-21 19:40 - 2014-07-25 07:56 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-21 19:36 - 2014-07-25 07:59 - 00023915 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-21 19:35 - 2014-07-25 07:57 - 00000000 ____D () C:\FRST2014-07-20 22:34 - 2014-07-20 22:35 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-17 20:18 - 2014-07-18 21:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:16 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:17 - 2014-07-17 20:18 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-16 22:13 - 2014-07-17 00:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-16 22:12 - 2014-07-17 00:13 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:11 - 2014-07-16 22:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:09 - 2014-07-16 22:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 20:42 - 2014-07-24 19:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:40 - 2014-07-17 20:12 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-16 20:40 - 2014-07-16 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-07-16 20:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-07-16 20:39 - 2014-07-16 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:38 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:14 - 2014-07-15 22:15 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\$AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:03 - 2014-07-15 22:04 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:54 - 2014-07-11 23:56 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-10 22:54 - 2014-07-10 22:55 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-10 21:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-07-10 21:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-07-10 21:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-07-10 21:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-07-10 21:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-07-10 21:28 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-07-10 21:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-07-10 21:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-07-10 21:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-07-10 21:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-07-10 21:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-07-10 21:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-07-10 21:28 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-07-10 21:28 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-07-10 21:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-07-10 21:27 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-07-10 21:27 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-07-10 21:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-07-10 21:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-07-10 21:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-07-10 21:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-07-10 21:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-07-10 21:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-07-10 21:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-07-10 21:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-07-10 21:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-07-10 21:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-07-10 21:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-07-10 21:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-07-10 21:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-07-10 21:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-07-10 21:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-07-10 21:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-07-10 21:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-07-10 21:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-07-10 21:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-07-10 21:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-07-10 21:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-07-10 21:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-07-10 21:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-07-10 21:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-07-10 21:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-07-10 21:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-07-10 21:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-07-10 21:27 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe2014-07-10 21:27 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe2014-07-10 21:27 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-07-10 21:27 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll2014-07-10 21:27 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-07-10 21:27 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2014-07-10 21:23 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-07-10 21:23 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2014-07-10 21:23 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2014-07-09 00:33 - 2014-07-09 00:34 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:41 - 2014-07-08 23:52 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:37 - 2014-07-08 23:38 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:19 - 2014-07-08 21:20 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-06 22:26 - 2014-07-06 22:27 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:28 - 2014-07-05 22:29 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:24 - 2014-07-03 18:25 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:04 - 2014-06-25 21:13 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 20142014-06-25 20:59 - 2014-06-25 21:27 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 07:59 - 2014-07-21 19:36 - 00023915 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-25 07:58 - 2012-05-11 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-25 07:58 - 2010-09-10 07:29 - 01580447 _____ () C:\windows\WindowsUpdate.log2014-07-25 07:57 - 2014-07-21 19:35 - 00000000 ____D () C:\FRST2014-07-25 07:56 - 2014-07-25 07:56 - 00013314 _____ () C:\Users\Owner\Desktop\FRST64 - Shortcut.lnk2014-07-25 07:56 - 2014-07-25 07:56 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion2014-07-25 07:56 - 2014-07-21 19:40 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-25 07:56 - 2009-07-14 01:13 - 00006454 _____ () C:\windows\system32\PerfStringBackup.INI2014-07-25 07:55 - 2014-03-03 22:55 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-25 07:55 - 2014-03-03 22:55 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-25 07:55 - 2012-05-11 22:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-25 07:55 - 2012-05-11 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-25 07:55 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp2014-07-25 07:53 - 2012-09-03 19:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job2014-07-25 07:53 - 2010-07-18 21:28 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-25 07:52 - 2013-12-13 22:44 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-25 07:52 - 2013-12-13 22:44 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-25 07:52 - 2012-03-30 19:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-07-25 00:19 - 2010-07-18 21:28 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-25 00:14 - 2012-01-29 22:43 - 00000000 ____D () C:\dmb102014-07-24 22:50 - 2014-07-24 22:50 - 02030424 ____N () C:\Users\Owner\Downloads\IBC14_0724.zip2014-07-24 22:22 - 2012-09-03 19:34 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job2014-07-24 21:32 - 2014-07-24 21:32 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-24 21:31 - 2014-07-24 21:31 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe2014-07-24 21:30 - 2014-07-24 21:30 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe2014-07-24 19:50 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-24 19:50 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-24 19:48 - 2014-07-16 20:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-24 19:48 - 2012-10-10 22:04 - 00000000 ____D () C:\ProgramData\MFAData2014-07-24 19:42 - 2011-02-28 00:17 - 00000000 ____D () C:\Temp2014-07-24 19:42 - 2010-07-18 21:36 - 00343704 _____ () C:\windows\PFRO.log2014-07-24 19:42 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-07-24 19:42 - 2009-07-14 00:51 - 00119998 _____ () C:\windows\setupact.log2014-07-23 22:57 - 2014-07-23 22:57 - 00003009 _____ () C:\windows\baseball.INI2014-07-23 19:04 - 2014-07-23 18:40 - 00000000 ____D () C:\Qoobox2014-07-23 19:03 - 2014-07-23 19:03 - 00025907 _____ () C:\ComboFix.txt2014-07-23 19:03 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default2014-07-23 19:01 - 2014-07-23 18:39 - 00000000 ____D () C:\windows\erdnt2014-07-23 19:00 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini2014-07-23 18:37 - 2014-07-23 18:36 - 05562024 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe2014-07-22 23:20 - 2014-07-22 23:20 - 04046619 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (20).zip2014-07-22 19:41 - 2014-07-22 19:39 - 00000000 ____D () C:\AdwCleaner2014-07-22 19:41 - 2010-11-20 22:45 - 00000000 ____D () C:\Users\Owner2014-07-22 19:38 - 2014-07-22 19:38 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe2014-07-22 00:30 - 2010-11-29 23:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client2014-07-21 21:15 - 2014-07-21 21:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D54AAA1-D7E5-404E-9205-936F0AB5320B}2014-07-21 19:42 - 2014-07-21 19:41 - 00038865 _____ () C:\Users\Owner\Downloads\Addition.txt2014-07-20 22:35 - 2014-07-20 22:34 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-18 21:38 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:17 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-17 20:16 - 2014-07-17 20:18 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:12 - 2014-07-16 20:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-17 00:13 - 2014-07-16 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-17 00:13 - 2014-07-16 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:12 - 2014-07-16 22:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:10 - 2014-07-16 22:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 21:49 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF2014-07-16 21:24 - 2010-07-18 21:30 - 00000000 ____D () C:\windows\PCHEALTH2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:41 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:39 - 2014-07-16 20:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-16 20:30 - 2009-07-14 01:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-07-15 22:55 - 2014-07-15 22:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:15 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\$AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:03 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:56 - 2014-07-11 23:54 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-11 20:36 - 2009-07-14 00:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT2014-07-11 20:34 - 2014-05-07 00:07 - 00000000 ___SD () C:\windows\system32\CompatTel2014-07-11 20:34 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism2014-07-10 23:54 - 2013-07-21 10:43 - 00000000 ____D () C:\windows\system32\MRT2014-07-10 23:52 - 2010-11-20 23:02 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-07-10 22:55 - 2014-07-10 22:54 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-09 00:34 - 2014-07-09 00:33 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:52 - 2014-07-08 23:41 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:38 - 2014-07-08 23:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:20 - 2014-07-08 21:19 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-08 21:07 - 2012-03-30 19:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 21:07 - 2012-03-30 19:35 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-07-08 21:07 - 2011-09-23 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 19:58 - 2014-06-22 14:50 - 00000000 ____D () C:\Users\Owner\Desktop\htconem8photos2014-07-06 22:27 - 2014-07-06 22:26 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:29 - 2014-07-05 22:28 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:25 - 2014-07-03 18:24 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-29 22:09 - 2014-07-10 21:27 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-10 21:27 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:27 - 2014-06-25 20:59 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning2014-06-25 21:13 - 2014-06-25 21:04 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 2014 Some content of TEMP:====================C:\Users\Owner\AppData\Local\Temp\rtdrvmon.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 21:40 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
erinpaige Posted July 25, 2014 Author ID:857672 Share Posted July 25, 2014 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01Ran by Owner at 2014-07-25 08:00:59Running from C:\Users\Owner\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) HiddenApple Application Support (HKLM-x32\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)Ask Toolbar for Epson (HKLM-x32\...\{45504E56-3634-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5424 - APN, LLC) <==== ATTENTIONAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)ATI Catalyst Install Manager (HKLM\...\{5792CD64-61B4-C448-0D22-3C51DD73AB2A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)AVG 2014 (Version: 14.0.3986 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4744 - AVG Technologies) HiddenAVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.6 - AVG Technologies)Best Buy pc app (Version: 3.0.0.0 - Best Buy) HiddenBonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) HiddenCCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hiddenccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hiddenccc-utility64 (Version: 2010.0315.1050.17562 - ATI) HiddenCisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDiamond Mind Baseball version 10 (HKLM-x32\...\Diamond Mind Baseball version 10) (Version: 10 - Diamond Mind, Inc.)DMB version 10a patch (HKLM-x32\...\DMB version 10a patch) (Version: 10a - Diamond Mind, Inc.)Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddeniTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) HiddenLeapFrog My Pals Plugin (x32 Version: 4.2.9.15649 - LeapFrog) HiddenLeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) HiddenLexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MotoHelper 2.1.40 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.40 - Motorola)MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) HiddenMotorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) HiddenMozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) HiddenSkype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) HiddenTOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)TOSHIBA eco Utility (Version: 1.2.7.64 - TOSHIBA Corporation) HiddenTOSHIBA eco Utility (x32 Version: 1.2.7.64 - TOSHIBA Corporation) HiddenTOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) HiddenTOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )TOSHIBA Hardware Setup (Version: 4.03.02.00 - TOSHIBA) HiddenTOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) HiddenTOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) HiddenTOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.6.05.64 - TOSHIBA Corporation) HiddenTOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )TOSHIBA Supervisor Password (Version: 4.03.02.00 - TOSHIBA) HiddenTOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.2.64 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.3.2.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.3.2.64 - TOSHIBA Corporation) HiddenTOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VMware View Client (HKLM\...\{70C29540-5625-443D-BC4F-6D0C763F44C8}) (Version: 4.6.0.366101 - VMware, Inc.)War2Combat version 3.15 (HKLM-x32\...\War2Combat_is1) (Version: 3.15 - War2 RU Admins)Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1990790332-1153374141-1900704237-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1990790332-1153374141-1900704237-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-1990790332-1153374141-1900704237-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-1990790332-1153374141-1900704237-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 13-07-2014 21:17:23 Windows Update14-07-2014 04:15:32 Windows Update15-07-2014 04:38:48 Windows Update16-07-2014 01:04:02 Windows Update16-07-2014 02:12:14 Installed AVG 201416-07-2014 02:12:57 Installed AVG 201416-07-2014 04:53:11 Windows Update17-07-2014 04:14:32 Windows Update19-07-2014 01:39:41 Windows Update19-07-2014 02:52:42 Windows Update20-07-2014 05:34:22 Windows Update21-07-2014 04:30:38 Windows Update22-07-2014 04:31:50 Windows Update23-07-2014 03:59:13 Windows Update24-07-2014 03:51:40 Windows Update25-07-2014 11:53:11 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2011-05-22 17:05 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0409A1E2-BA6C-4984-A381-A3C11819B00F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)Task: {17D15337-C682-45C1-8CF4-F854DB3D8155} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)Task: {2651E268-08E9-40E0-81E6-3DA7A21737B9} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {3702F7EB-6DA3-41FE-A05D-BB46C1DC5E12} - System32\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {3A1B607A-5A60-4E97-B856-1E516335CAAF} - System32\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {460A3B3F-80BA-44B7-9A6E-15377179A22C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {6F676728-0A6D-4512-B4AD-95E5426FF69D} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {70036A4B-A5E3-4584-BE0E-A492CD5324BC} - System32\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {85AD9731-CA23-4080-B1B0-E5A7F83722A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)Task: {86EF6F4E-C5EE-4642-8098-68B98D001686} - System32\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {A142736D-435A-4730-A8E0-F3F7BF2D290E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-18] (Google Inc.)Task: {A46E0F6D-CAFB-4C8C-BC23-F5FDC74EA0F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-18] (Google Inc.)Task: {D24E8ED2-CF1C-49CA-B723-2018802C22CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXETask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-02-01 17:55 - 2012-02-01 17:55 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe2012-02-01 17:55 - 2012-02-01 17:55 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe2010-03-03 17:15 - 2010-03-03 17:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll2010-07-18 21:25 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll2013-12-08 18:30 - 2013-11-24 13:56 - 03139072 _____ () C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe2009-10-13 13:00 - 2009-10-13 13:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2010-09-10 07:30 - 2010-09-10 07:30 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2010-11-21 15:07 - 2010-09-22 14:41 - 00539744 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\ziptv06.dll2010-11-21 15:07 - 2010-09-22 14:41 - 00419192 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\LockBox.dll2011-03-21 17:30 - 2011-03-21 17:30 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-18 22:24 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-18 22:24 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-18 22:24 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-18 22:24 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-18 22:24 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Owner\Downloads\noname (1).eml:OECustomPropertyAlternateDataStreams: C:\Users\Owner\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/25/2014 07:55:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/25/2014 07:55:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/25/2014 07:55:56 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/25/2014 07:55:14 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: SHELL32.dll, version: 6.1.7601.18429, time stamp: 0x5330ecd9Exception code: 0xc0000005Fault offset: 0x000000000028d142Faulting process id: 0x79cFaulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (07/25/2014 02:02:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/25/2014 02:02:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/25/2014 01:22:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (07/25/2014 01:22:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (07/24/2014 09:33:19 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/24/2014 09:33:13 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors:=============Error: (07/25/2014 07:53:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/24/2014 07:42:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: %%2 Error: (07/23/2014 11:52:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/23/2014 07:41:24 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/23/2014 07:00:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/23/2014 06:54:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/23/2014 06:32:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: %%2 Error: (07/23/2014 00:00:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430). Error: (07/22/2014 07:44:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater3.1.0 service failed to start due to the following error: %%2 Error: (07/22/2014 07:35:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service. Microsoft Office Sessions:=========================Error: (07/25/2014 07:55:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/25/2014 07:55:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/25/2014 07:55:56 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe Error: (07/25/2014 07:55:14 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.184295330ecd9c0000005000000000028d14279c01cfa798f8af0475C:\windows\Explorer.EXEC:\windows\system32\SHELL32.dll8946eda3-13f2-11e4-869d-60eb693fb36f Error: (07/25/2014 02:02:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/25/2014 02:02:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/25/2014 01:22:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/25/2014 01:22:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (07/24/2014 09:33:19 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe Error: (07/24/2014 09:33:13 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe CodeIntegrity Errors:=================================== Date: 2013-11-03 15:53:09.231 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.227 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.222 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.193 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 15:53:09.184 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.872 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.807 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 14:29:46.554 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 69%Total physical RAM: 2810.9 MBAvailable physical RAM: 845.73 MBTotal Pagefile: 5619.98 MBAvailable Pagefile: 2564.21 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (TI105949W0C) (Fixed) (Total:286.57 GB) (Free:186.74 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 4A473AB0)Partition 1: (Active) - (Size=1 GB) - (Type=27)Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=10 GB) - (Type=17) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 25, 2014 ID:857790 Share Posted July 25, 2014 Hi, Step 1 Please download TFC (by Oldtimer) and save it to your Desktop.Start TFC.exe with administrator privileges.Close all other running programs.Click on Start.Allow a reboot if one is requested.Step 2 Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from. Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
erinpaige Posted July 25, 2014 Author ID:857918 Share Posted July 25, 2014 Didn't know if you wanted the TFC log as well so just in case: Getting user folders. Stopping running processes. Emptying Temp folders. User: Administrator->Temp folder emptied: 0 bytes User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 56502 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: Owner->Temp folder emptied: 80552 bytes->Temporary Internet Files folder emptied: 1703785368 bytes->Java cache emptied: 1095386 bytes->FireFox cache emptied: 445210001 bytes->Google Chrome cache emptied: 418419618 bytes->Flash cache emptied: 1276254 bytes User: Public->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 1245239 bytes%systemroot% .tmp files removed: 2781737 bytes%systemroot%\System32 .tmp files removed: 5 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 3788586 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13176806 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 522225 bytes Emptying RecycleBin. Do not interrupt. RecycleBin emptied: 171 bytesProcess complete! Total Files Cleaned = 2,471.00 mb Link to post Share on other sites More sharing options...
erinpaige Posted July 26, 2014 Author ID:857935 Share Posted July 26, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01Ran by Owner (administrator) on OWNER-PC on 25-07-2014 19:57:20Running from C:\Users\Owner\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe( ) C:\Windows\System32\lxczcoms.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [Amazon Cloud Player] => C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-1990790332-1153374141-1900704237-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKLM-x32 - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDSearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}SearchScopes: HKCU - {3CA04391-9CA5-4000-8DA5-E1AE9DE85A84} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS407US408SearchScopes: HKCU - {B70C8C06-E07D-4550-9D57-FBE5D6A57401} URL = SearchScopes: HKCU - {E5DC73B2-E8F0-4185-B056-9BECD5D441B2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNDBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l260stbr.defaultFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xmlFF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpiFF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: =======CHR HomePage: https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp CHR StartupUrls: "https://mysearch.avg.com?cid={3596CAB4-F10B-454E-B783-355EEC571130}&mid=29f321c6055a47d0ae35b1a22fdb5a9c-be6688d8e3549667a3ad7bbd768f912983e1116d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-07-17 20:18:21&v=3.1.0.6&pid=wtu&sg=&sap=hp" CHR DefaultSearchKeyword: mysearch.avg.comCHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-05]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-05]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-14]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]CHR HKLM-x32\...\Chrome\Extension: [aaaakabcghbhlohjjnonbaadlhlkhaob] - C:\ProgramData\AskPartnerNetwork\Toolbar\EPNV64\CRX\ToolbarCR.crx [2013-10-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 lxcz_device; C:\windows\system32\lxczcoms.exe [566192 2007-04-19] ( )R2 lxcz_device; C:\windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3872776 2010-09-22] (Webroot Software, Inc. (www.webroot.com))S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-07-17] (AVG Technologies)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-07-05] (LeapFrog)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [55360 2010-06-17] (Webroot Software, Inc. (www.webroot.com))R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2010-06-17] (Webroot Software, Inc. (www.webroot.com))S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 19:33 - 2014-07-25 19:33 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe2014-07-25 19:33 - 2014-07-25 19:33 - 00001466 _____ () C:\Users\Owner\Desktop\TFC (1) - Shortcut.lnk2014-07-25 19:32 - 2014-07-25 19:32 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC.exe2014-07-25 07:56 - 2014-07-25 07:56 - 00013314 _____ () C:\Users\Owner\Desktop\FRST64 - Shortcut.lnk2014-07-25 07:56 - 2014-07-25 07:56 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion2014-07-24 22:50 - 2014-07-24 22:50 - 02030424 ____N () C:\Users\Owner\Downloads\IBC14_0724.zip2014-07-24 21:32 - 2014-07-24 21:32 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-24 21:31 - 2014-07-24 21:31 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe2014-07-24 21:30 - 2014-07-24 21:30 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe2014-07-23 22:57 - 2014-07-23 22:57 - 00003009 _____ () C:\windows\baseball.INI2014-07-23 19:03 - 2014-07-23 19:03 - 00025907 _____ () C:\ComboFix.txt2014-07-23 18:41 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe2014-07-23 18:41 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe2014-07-23 18:41 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe2014-07-23 18:41 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe2014-07-23 18:40 - 2014-07-23 19:04 - 00000000 ____D () C:\Qoobox2014-07-23 18:39 - 2014-07-23 19:01 - 00000000 ____D () C:\windows\erdnt2014-07-23 18:36 - 2014-07-23 18:37 - 05562024 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe2014-07-22 23:20 - 2014-07-22 23:20 - 04046619 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (20).zip2014-07-22 19:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll2014-07-22 19:39 - 2014-07-22 19:41 - 00000000 ____D () C:\AdwCleaner2014-07-22 19:38 - 2014-07-22 19:38 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe2014-07-21 21:15 - 2014-07-21 21:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D54AAA1-D7E5-404E-9205-936F0AB5320B}2014-07-21 19:41 - 2014-07-25 08:02 - 00043032 _____ () C:\Users\Owner\Downloads\Addition.txt2014-07-21 19:40 - 2014-07-25 07:56 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-21 19:36 - 2014-07-25 19:57 - 00022651 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-21 19:35 - 2014-07-25 19:57 - 00000000 ____D () C:\FRST2014-07-20 22:34 - 2014-07-20 22:35 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-17 20:18 - 2014-07-18 21:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:16 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:17 - 2014-07-17 20:18 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-16 22:13 - 2014-07-17 00:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-16 22:12 - 2014-07-17 00:13 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:11 - 2014-07-16 22:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:09 - 2014-07-16 22:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 20:42 - 2014-07-24 19:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:40 - 2014-07-17 20:12 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-16 20:40 - 2014-07-16 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-07-16 20:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-07-16 20:39 - 2014-07-16 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:38 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:14 - 2014-07-15 22:15 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\$AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:03 - 2014-07-15 22:04 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:54 - 2014-07-11 23:56 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-10 22:54 - 2014-07-10 22:55 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-10 21:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-07-10 21:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-07-10 21:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-07-10 21:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-07-10 21:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-07-10 21:28 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-07-10 21:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-07-10 21:28 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-07-10 21:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-07-10 21:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-07-10 21:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-07-10 21:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-07-10 21:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-07-10 21:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-07-10 21:28 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-07-10 21:28 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-07-10 21:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-07-10 21:27 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-07-10 21:27 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-07-10 21:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-07-10 21:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-07-10 21:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-07-10 21:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-07-10 21:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-07-10 21:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-07-10 21:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-07-10 21:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-07-10 21:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-07-10 21:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-07-10 21:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-07-10 21:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-07-10 21:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-07-10 21:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-07-10 21:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-07-10 21:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-07-10 21:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-07-10 21:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-07-10 21:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-07-10 21:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-07-10 21:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-07-10 21:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-07-10 21:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-07-10 21:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-07-10 21:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-07-10 21:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-07-10 21:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-07-10 21:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-07-10 21:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-07-10 21:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-07-10 21:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-07-10 21:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-07-10 21:27 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe2014-07-10 21:27 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe2014-07-10 21:27 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-07-10 21:27 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll2014-07-10 21:27 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2014-07-10 21:27 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-07-10 21:27 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-07-10 21:27 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys2014-07-10 21:23 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-07-10 21:23 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2014-07-10 21:23 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2014-07-09 00:33 - 2014-07-09 00:34 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:41 - 2014-07-08 23:52 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:37 - 2014-07-08 23:38 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:19 - 2014-07-08 21:20 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-06 22:26 - 2014-07-06 22:27 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:28 - 2014-07-05 22:29 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:24 - 2014-07-03 18:25 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:43 - 2014-06-28 23:44 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:04 - 2014-06-25 21:13 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 20142014-06-25 20:59 - 2014-06-25 21:27 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-25 19:59 - 2014-07-21 19:36 - 00022651 _____ () C:\Users\Owner\Downloads\FRST.txt2014-07-25 19:57 - 2014-07-21 19:35 - 00000000 ____D () C:\FRST2014-07-25 19:55 - 2014-03-03 22:55 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-25 19:55 - 2014-03-03 22:55 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {7DEBD26C-7DEA-40C3-B495-0CAD00B3EA12}.job2014-07-25 19:55 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp2014-07-25 19:44 - 2013-12-13 22:44 - 00000911 _____ () C:\windows\Tasks\EPSON XP-310 Series Update {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-25 19:44 - 2013-12-13 22:44 - 00000725 _____ () C:\windows\Tasks\EPSON XP-310 Series Invitation {0B27C824-AF46-476A-B592-12B2DD9EAFF4}.job2014-07-25 19:34 - 2011-02-28 00:17 - 00000000 ____D () C:\Temp2014-07-25 19:33 - 2014-07-25 19:33 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe2014-07-25 19:33 - 2014-07-25 19:33 - 00001466 _____ () C:\Users\Owner\Desktop\TFC (1) - Shortcut.lnk2014-07-25 19:32 - 2014-07-25 19:32 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC.exe2014-07-25 19:31 - 2012-09-03 19:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000UA.job2014-07-25 19:31 - 2012-03-30 19:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-07-25 19:31 - 2010-07-18 21:28 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-07-25 18:19 - 2009-07-14 01:13 - 00006454 _____ () C:\windows\system32\PerfStringBackup.INI2014-07-25 18:16 - 2010-09-10 07:29 - 01614441 _____ () C:\windows\WindowsUpdate.log2014-07-25 17:55 - 2012-10-10 22:04 - 00000000 ____D () C:\ProgramData\MFAData2014-07-25 16:57 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-25 16:57 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-25 16:49 - 2012-05-11 22:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-25 16:49 - 2012-05-11 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-25 16:49 - 2010-07-18 21:28 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-07-25 16:49 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-07-25 16:49 - 2009-07-14 00:51 - 00120054 _____ () C:\windows\setupact.log2014-07-25 08:02 - 2014-07-21 19:41 - 00043032 _____ () C:\Users\Owner\Downloads\Addition.txt2014-07-25 07:58 - 2012-05-11 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-25 07:56 - 2014-07-25 07:56 - 00013314 _____ () C:\Users\Owner\Desktop\FRST64 - Shortcut.lnk2014-07-25 07:56 - 2014-07-25 07:56 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion2014-07-25 07:56 - 2014-07-21 19:40 - 02093568 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe2014-07-25 00:14 - 2012-01-29 22:43 - 00000000 ____D () C:\dmb102014-07-24 22:50 - 2014-07-24 22:50 - 02030424 ____N () C:\Users\Owner\Downloads\IBC14_0724.zip2014-07-24 22:22 - 2012-09-03 19:34 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990790332-1153374141-1900704237-1000Core.job2014-07-24 21:32 - 2014-07-24 21:32 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-24 21:31 - 2014-07-24 21:31 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu (1).exe2014-07-24 21:30 - 2014-07-24 21:30 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe2014-07-24 19:48 - 2014-07-16 20:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-07-24 19:42 - 2010-07-18 21:36 - 00343704 _____ () C:\windows\PFRO.log2014-07-23 22:57 - 2014-07-23 22:57 - 00003009 _____ () C:\windows\baseball.INI2014-07-23 19:04 - 2014-07-23 18:40 - 00000000 ____D () C:\Qoobox2014-07-23 19:03 - 2014-07-23 19:03 - 00025907 _____ () C:\ComboFix.txt2014-07-23 19:03 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default2014-07-23 19:01 - 2014-07-23 18:39 - 00000000 ____D () C:\windows\erdnt2014-07-23 19:00 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini2014-07-23 18:37 - 2014-07-23 18:36 - 05562024 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe2014-07-22 23:20 - 2014-07-22 23:20 - 04046619 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (20).zip2014-07-22 19:41 - 2014-07-22 19:39 - 00000000 ____D () C:\AdwCleaner2014-07-22 19:41 - 2010-11-20 22:45 - 00000000 ____D () C:\Users\Owner2014-07-22 19:38 - 2014-07-22 19:38 - 01354223 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe2014-07-22 00:30 - 2010-11-29 23:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client2014-07-21 21:15 - 2014-07-21 21:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1D54AAA1-D7E5-404E-9205-936F0AB5320B}2014-07-20 22:35 - 2014-07-20 22:34 - 01813321 ____N () C:\Users\Owner\Downloads\IBC14_0720.zip2014-07-18 22:05 - 2014-07-18 22:05 - 01780442 ____N () C:\Users\Owner\Downloads\IBC14_0717.zip2014-07-18 21:38 - 2014-07-17 20:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\AVG Web TuneUp2014-07-17 20:18 - 2014-07-17 20:17 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-07-17 20:17 - 2014-07-17 20:17 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2014-07-17 20:16 - 2014-07-17 20:18 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys2014-07-17 20:12 - 2014-07-16 20:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-07-17 00:13 - 2014-07-16 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-17 00:13 - 2014-07-16 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\mbar2014-07-16 22:12 - 2014-07-16 22:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012 (1).exe2014-07-16 22:10 - 2014-07-16 22:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1012.exe2014-07-16 21:49 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF2014-07-16 21:24 - 2010-07-18 21:30 - 00000000 ____D () C:\windows\PCHEALTH2014-07-16 20:41 - 2014-07-16 20:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-16 20:41 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-16 20:40 - 2014-07-16 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-16 20:40 - 2014-07-16 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-16 20:39 - 2014-07-16 20:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe2014-07-16 20:30 - 2009-07-14 01:08 - 00032610 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-07-15 22:55 - 2014-07-15 22:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg20142014-07-15 22:15 - 2014-07-15 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG20142014-07-15 22:15 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\AVG20142014-07-15 22:14 - 2014-07-15 22:14 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-07-15 22:14 - 2014-07-15 22:14 - 00000000 ____D () C:\$AVG2014-07-15 22:12 - 2014-07-15 22:12 - 00000000 ____D () C:\Program Files (x86)\AVG2014-07-15 22:04 - 2014-07-15 22:03 - 04755832 _____ (AVG Technologies) C:\Users\Owner\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-07-15 20:42 - 2014-07-15 20:42 - 00119558 _____ () C:\Users\Owner\Downloads\PB Hispanic Chamber FEF Presentation.pptx2014-07-11 23:56 - 2014-07-11 23:54 - 03932522 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (19).zip2014-07-11 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache2014-07-11 21:19 - 2014-07-11 21:19 - 01910719 ____N () C:\Users\Owner\Downloads\IBC14_0710.zip2014-07-11 20:36 - 2009-07-14 00:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT2014-07-11 20:34 - 2014-05-07 00:07 - 00000000 ___SD () C:\windows\system32\CompatTel2014-07-11 20:34 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-07-11 20:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism2014-07-10 23:54 - 2013-07-21 10:43 - 00000000 ____D () C:\windows\system32\MRT2014-07-10 23:52 - 2010-11-20 23:02 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-07-10 22:55 - 2014-07-10 22:54 - 03915260 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (18).zip2014-07-09 00:34 - 2014-07-09 00:33 - 03842754 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (17).zip2014-07-08 23:52 - 2014-07-08 23:41 - 46306576 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe2014-07-08 23:38 - 2014-07-08 23:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe2014-07-08 21:20 - 2014-07-08 21:19 - 03841323 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (16).zip2014-07-08 21:07 - 2012-03-30 19:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-07-08 21:07 - 2012-03-30 19:35 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-07-08 21:07 - 2011-09-23 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-08 19:58 - 2014-06-22 14:50 - 00000000 ____D () C:\Users\Owner\Desktop\htconem8photos2014-07-06 22:27 - 2014-07-06 22:26 - 01785194 ____N () C:\Users\Owner\Downloads\IBC14_0706.zip2014-07-05 22:29 - 2014-07-05 22:29 - 03796636 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (15).zip2014-07-05 22:29 - 2014-07-05 22:28 - 01664392 ____N () C:\Users\Owner\Downloads\America_censored_Yeah.zip2014-07-03 18:25 - 2014-07-03 18:24 - 03799185 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (14).zip2014-07-01 23:01 - 2014-07-01 23:01 - 00015000 _____ () C:\Users\Owner\Downloads\astigersseries.zip2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys2014-06-29 23:09 - 2014-06-29 23:09 - 01734337 ____N () C:\Users\Owner\Downloads\IBC14_0629.zip2014-06-29 22:09 - 2014-07-10 21:27 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-06-29 22:04 - 2014-07-10 21:27 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (13).zip2014-06-28 23:44 - 2014-06-28 23:43 - 03752791 _____ () C:\Users\Owner\Downloads\BCMBL-2014 (12).zip2014-06-26 23:12 - 2014-06-26 23:12 - 03716525 ____N () C:\Users\Owner\Downloads\BCMBL-2014 (11).zip2014-06-26 21:19 - 2014-06-26 21:19 - 01709209 ____N () C:\Users\Owner\Downloads\IBC14_0626.zip2014-06-26 19:03 - 2014-06-26 19:03 - 21579918 _____ () C:\Users\Owner\Downloads\VIDEO0016.mp42014-06-25 21:27 - 2014-06-25 20:59 - 00000000 ____D () C:\Users\Owner\Desktop\Lily beginning2014-06-25 21:13 - 2014-06-25 21:04 - 00000000 ____D () C:\Users\Owner\Desktop\erin htc One 2014 ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 21:40 ==================== End Of Log ============================ Link to post Share on other sites
Recommended Posts