
Optimizer Pro Crash Monitor [Closed]


This topic is locked.

#1 Realmage13


Posted 01 October 2014 - 09:10 PM

Hey guys, 

I don't know what I did, but I ended up downloading "Optimizer Pro" somehow. Even though I uninstalled it, deleted the files from my Program Files, and disabled them from my "services," I am positive there is still a lot of cleaning up left to do. I still get the popup regarding a Windows update. How can I clean the remaining malware from my laptop?

 

Thanks in Advance!

 

Windows 8.1 64 bit.

 

 

 

 




#2 fbfbfb


Posted 02 October 2014 - 07:48 AM

Hello and welcome, Realmage13. 

 

My name is fbfbfb.  I will gladly assist you with your concerns.

 

While working to resolve the issues with your machine, please follow these guidelines:

  • Please be patient.  Logs are lengthy and can take time to analyze.
  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Use only those tools that you have been directed to use.
  • Do not install or uninstall any applications or run any other scans without being directed to do so.
  • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
  • Stay with me until your machine has been deemed all clear.
  • Please reply within 3 days of each posting to avoid closing this topic.  If you need more time to complete tasks, or if you will be away, please let me know in advance.

 

Please run the following scans:

 

1.  Farbar Recovery Scan Tool (FRST)

 

Please download Farbar Recovery Scan Tool from HERE, and save it to your desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system -- that will be the right version.

  • Double click FRST.exe/FRST64.exe to run the program.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click Scan.
  • It will generate a log (FRST.txt). Please copy and paste this log to your next reply.
  • The first time the tool is run, it also generates another log (Addition.txt).  Please copy and paste this log to your next reply.

 

2.  aswMBR

 

Please download aswMBR from HERE.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.

 



  • On completion of the scan, click save log, save it to your desktop, and post in your next reply.

 


 

 

3.  Security Check

  • Please download Security Check from HERE.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt.  This may take a few minutes.  Please copy and paste the contents of that document into your next reply.

 

CHECKLIST: In your next reply, please post the following:

  • FRST.txt
  • Addition.txt
  • aswMBR log
  • checkup.txt


#3 Realmage13


Posted 02 October 2014 - 12:48 PM

Thank you for your quick response.

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 02-10-2014 14:27:48
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Users\Owner\AppData\Roaming\TornTV.com\TornTVSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Owner\AppData\Local\Viber\Viber.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [TornTv Downloader] => C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe [296960 2014-08-19] (Cool Mirage)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-29] (Google Inc.)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Viber] => C:\Users\Owner\AppData\Local\Viber\Viber.exe [936656 2014-07-24] ()
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\MountPoints2: {ab53ba1c-30a4-11e4-be6e-6c71d92c06f8} - "G:\SETUP.EXE" 
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe (Cool Mirage)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...r=746934215&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/...CA&dcc=CA&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC11EB3B0DDBCCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://astromenda.co...r=746934215&ir=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://astromenda.co...r=746934215&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-27]
CHR Extension: (Hola Better Internet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-27]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-27]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 servervo; C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-09-29] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 trntv; C:\Users\Owner\AppData\Roaming\TornTV.com\TornTVSvc.exe [10240 2014-08-19] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S4 70e6ca8c; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-02 14:25 - 2014-10-02 14:25 - 01213055 _____ () C:\Users\Owner\Downloads\Unconfirmed 350848.crdownload
2014-10-01 22:42 - 2014-10-01 22:42 - 00050456 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-10-01 22:41 - 2014-10-02 14:28 - 00022036 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-10-01 22:40 - 2014-10-02 14:27 - 00000000 ____D () C:\FRST
2014-10-01 22:40 - 2014-10-01 22:40 - 02108928 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-10-01 22:35 - 2014-10-01 22:35 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Owner\Downloads\AsusInstaller (2).exe
2014-10-01 13:53 - 2014-10-01 13:53 - 03766408 _____ (http://yourfiledownloader.net) C:\Users\Owner\Downloads\Iggy_Azalea_Ft_Rita_Ora_-_Black_Widow_(Radio_Edit)_downloader.exe
2014-10-01 13:53 - 2014-10-01 13:53 - 03438728 _____ (New Monte Inc) C:\Users\Owner\Downloads\Iggy_Azalea_Ft_Rita_Ora_-_Black_Widow_downloader.exe
2014-10-01 10:47 - 2014-10-01 10:47 - 00691200 _____ () C:\Users\Owner\Downloads\stat12t_0304.ppt
2014-10-01 10:47 - 2014-10-01 10:47 - 00553984 _____ () C:\Users\Owner\Downloads\stat12t_0302.ppt
2014-10-01 10:47 - 2014-10-01 10:47 - 00386560 _____ () C:\Users\Owner\Downloads\stat12t_0303.ppt
2014-10-01 10:47 - 2014-10-01 10:47 - 00223232 _____ () C:\Users\Owner\Downloads\stat12t_0301.ppt
2014-10-01 10:46 - 2014-06-09 19:23 - 00242488 _____ (ASUSTek Computer Inc.) C:\Users\Owner\Desktop\Setup.exe
2014-10-01 00:19 - 2014-10-01 00:19 - 13105628 _____ () C:\Users\Owner\Desktop\ATKPackage_Win81_64_VER100037.zip
2014-10-01 00:16 - 2014-10-01 00:16 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Owner\Downloads\AsusInstaller (1).exe
2014-10-01 00:07 - 2014-10-01 00:07 - 10618134 _____ () C:\Users\Owner\Downloads\ATKPackage_Win7_64_Z100020.zip
2014-09-29 13:54 - 2014-09-29 13:54 - 31766208 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Windows-KB890830-x64-V5.16.exe
2014-09-29 13:47 - 2014-09-29 13:48 - 122008832 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\msert (2).exe
2014-09-29 13:46 - 2014-09-29 13:46 - 00671408 _____ () C:\Users\Owner\Downloads\msert (1).exe
2014-09-29 13:44 - 2014-09-29 13:44 - 108003328 _____ () C:\Users\Owner\Downloads\msert.exe
2014-09-29 13:42 - 2014-10-01 21:05 - 00001101 _____ () C:\Users\Owner\Desktop\Continue Live Installation.lnk
2014-09-29 12:52 - 2014-10-02 12:52 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2014-09-29 12:52 - 2014-09-29 13:41 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2014-09-29 12:52 - 2014-09-29 13:36 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2014-09-29 12:52 - 2014-09-29 12:52 - 00002928 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.results
2014-09-29 12:52 - 2014-09-29 12:52 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2014-09-29 12:52 - 2014-09-29 12:52 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2014-09-29 12:52 - 2014-09-29 12:52 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2014-09-29 12:52 - 2014-09-29 12:52 - 00001204 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.quick.results
2014-09-29 12:52 - 2014-09-29 12:52 - 00000318 _____ () C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
2014-09-29 12:52 - 2014-09-29 12:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-09-29 12:50 - 2014-09-29 12:50 - 00627504 _____ (ClickMeIn Limited) C:\Users\Owner\AppData\Local\nsq494C.tmp
2014-09-29 12:50 - 2014-09-29 12:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WSE_Astromenda
2014-09-29 12:10 - 2014-09-29 12:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-09-29 12:09 - 2014-10-02 14:14 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA.job
2014-09-29 12:09 - 2014-10-01 12:14 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core.job
2014-09-29 12:09 - 2014-09-29 12:09 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA
2014-09-29 12:09 - 2014-09-29 12:09 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core
2014-09-29 12:08 - 2014-09-29 12:08 - 00895120 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleVoiceAndVideoSetup.exe
2014-09-29 11:45 - 2014-09-29 11:45 - 00001108 _____ () C:\Users\Public\Desktop\PDF Annotator.lnk
2014-09-29 11:45 - 2014-09-29 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator
2014-09-29 11:44 - 2014-09-29 11:45 - 00000000 ____D () C:\Program Files (x86)\PDF Annotator
2014-09-29 11:44 - 2014-09-29 11:44 - 26674688 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup (3).exe
2014-09-29 11:40 - 2014-09-29 11:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\VOPackage
2014-09-29 11:40 - 2014-09-29 11:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-09-29 11:39 - 2014-09-29 11:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TornTV.com
2014-09-29 11:39 - 2014-09-29 11:39 - 00443768 _____ () C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial (2).exe
2014-09-29 11:39 - 2014-09-29 11:39 - 00443768 _____ () C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial (1).exe
2014-09-29 11:39 - 2014-09-29 11:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2014-09-29 11:38 - 2014-09-29 11:38 - 00443768 _____ () C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial.exe
2014-09-29 11:36 - 2014-09-29 11:36 - 27844128 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup (2).exe
2014-09-29 11:36 - 2014-09-29 11:36 - 27844128 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup (1).exe
2014-09-29 11:32 - 2014-09-29 11:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\deskPDF Editor
2014-09-29 11:32 - 2014-09-29 11:32 - 00000961 _____ () C:\WINDOWS\deskinst.log
2014-09-29 11:32 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\system32\ddcvt4.exe
2014-09-29 11:32 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\system32\desksc.exe
2014-09-29 11:32 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2014-09-29 11:30 - 2014-09-29 11:30 - 00370632 _____ ( ) C:\Users\Owner\Downloads\deskPDFStudio-X-WebInstaller_4002.exe
2014-09-29 11:29 - 2014-09-29 11:30 - 27844128 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup.exe
2014-09-28 16:09 - 2014-09-28 16:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-09-28 16:09 - 2014-09-28 16:09 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-28 16:09 - 2014-09-28 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2014-09-28 16:09 - 2014-09-28 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-28 16:09 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-09-28 16:08 - 2014-09-28 16:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-28 16:08 - 2014-09-28 16:09 - 00000000 ____D () C:\Program Files\iTunes
2014-09-28 16:08 - 2014-09-28 16:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-28 16:08 - 2014-09-28 16:08 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-28 16:08 - 2014-09-28 16:08 - 00000000 ____D () C:\Program Files\iPod
2014-09-28 15:58 - 2014-09-28 15:58 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-28 15:58 - 2014-09-28 15:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-09-28 15:57 - 2014-09-28 15:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-28 15:57 - 2014-09-28 15:57 - 43118643 _____ () C:\Users\Owner\Downloads\MATH1P98 S4 Written notes 140925 by Nathaniel.rar
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\ProgramData\Apple
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-28 15:54 - 2014-09-28 15:55 - 112794960 _____ (Apple Inc.) C:\Users\Owner\Downloads\iTunes64Setup.exe
2014-09-28 00:45 - 2014-09-28 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-27 21:48 - 2014-09-27 21:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WinRAR
2014-09-27 21:48 - 2013-06-07 20:41 - 21622005 _____ () C:\Users\Owner\Desktop\Final.rar
2014-09-27 21:47 - 2014-09-27 21:47 - 01922688 _____ () C:\Users\Owner\Downloads\winrar-x64-511.exe
2014-09-27 21:47 - 2014-09-27 21:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-27 21:47 - 2014-09-27 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-27 21:47 - 2014-09-27 21:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-27 21:44 - 2014-09-27 21:45 - 21626994 _____ () C:\Users\Owner\Downloads\re_ astr 1p01 test.zip
2014-09-27 18:07 - 2014-09-27 18:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-27 18:07 - 2014-09-27 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-27 18:06 - 2014-09-27 18:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Avery
2014-09-27 18:00 - 2014-09-27 18:02 - 113017552 _____ (Avery Dennison Corp.) C:\Users\Owner\Downloads\Avery Wizard 5.0_20140331.exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe
2014-09-27 17:51 - 2014-09-27 17:51 - 00358176 _____ (3M Company ) C:\Users\Owner\Downloads\3M_MSO2010_Update.exe
2014-09-27 12:29 - 2013-09-09 14:54 - 00833752 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-09-27 12:29 - 2013-09-09 14:54 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-09-27 12:27 - 2014-09-27 12:27 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 ____D () C:\WINDOWS\Options
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-09-27 12:26 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2014-09-27 12:26 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2014-09-27 12:26 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2014-09-27 12:23 - 2014-10-01 22:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\Akamai
2014-09-27 12:23 - 2014-09-27 12:23 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Owner\Downloads\AsusInstaller.exe
2014-09-27 12:14 - 2014-09-27 12:14 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Owner\Downloads\setup (2).exe
2014-09-27 12:14 - 2014-09-27 12:14 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Owner\Downloads\setup (1).exe
2014-09-27 12:14 - 2014-09-27 12:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\DriverTuner
2014-09-27 11:57 - 2014-10-02 12:48 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 11:57 - 2014-09-27 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-18 00:37 - 2014-10-02 12:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ViberPC
2014-09-18 00:37 - 2014-09-18 00:37 - 00001078 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-09-18 00:37 - 2014-09-18 00:37 - 00001070 _____ () C:\Users\Owner\Desktop\Viber.lnk
2014-09-18 00:36 - 2014-10-02 12:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\Viber
2014-09-15 15:36 - 2014-09-29 11:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\PDF Annotator
2014-09-15 15:36 - 2014-09-15 15:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Softland
2014-09-15 13:59 - 2014-09-15 13:59 - 00010621 _____ () C:\Users\Owner\Documents\Book1.xlsx
2014-09-14 21:13 - 2014-08-23 03:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 21:13 - 2014-08-23 03:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 21:13 - 2014-08-23 00:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 21:13 - 2014-08-23 00:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 21:13 - 2014-08-23 00:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 21:13 - 2014-07-29 21:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 21:13 - 2014-07-29 01:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 21:12 - 2014-08-23 02:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 21:12 - 2014-08-23 01:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 21:12 - 2014-08-23 00:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 21:12 - 2014-08-23 00:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 21:12 - 2014-07-24 11:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 21:12 - 2014-07-24 11:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 21:12 - 2014-07-24 11:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 21:12 - 2014-07-24 11:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 21:12 - 2014-07-24 11:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 21:12 - 2014-07-24 11:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 21:12 - 2014-07-24 11:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 21:12 - 2014-07-24 11:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 21:12 - 2014-07-24 11:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 21:12 - 2014-07-24 11:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 21:12 - 2014-07-24 11:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 21:12 - 2014-07-24 11:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 21:12 - 2014-07-24 11:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 21:12 - 2014-07-24 11:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 21:12 - 2014-07-24 11:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 21:12 - 2014-07-24 11:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 21:12 - 2014-07-24 11:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 21:12 - 2014-07-24 11:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 21:12 - 2014-07-24 11:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 21:12 - 2014-07-24 11:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 21:12 - 2014-07-24 10:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 21:12 - 2014-07-24 10:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 21:12 - 2014-07-24 09:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 21:12 - 2014-07-24 09:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 21:12 - 2014-07-24 09:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 21:12 - 2014-07-24 09:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 21:12 - 2014-07-24 09:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 21:12 - 2014-07-24 07:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 21:12 - 2014-07-24 07:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 21:12 - 2014-07-24 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 21:12 - 2014-07-24 07:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 21:12 - 2014-07-24 07:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 21:12 - 2014-07-24 07:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 21:12 - 2014-07-24 07:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 21:12 - 2014-07-24 07:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 21:12 - 2014-07-24 07:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 21:12 - 2014-07-24 07:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 21:12 - 2014-07-24 07:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 21:12 - 2014-07-24 07:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 21:12 - 2014-07-24 07:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 21:12 - 2014-07-24 07:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 21:12 - 2014-07-24 07:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 21:12 - 2014-07-24 07:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 21:12 - 2014-07-24 07:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 21:12 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 21:12 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 21:12 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 21:12 - 2014-07-24 06:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 21:12 - 2014-07-24 06:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 21:12 - 2014-07-24 06:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 21:12 - 2014-07-24 06:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 21:12 - 2014-07-24 06:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 21:12 - 2014-07-24 06:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 21:12 - 2014-07-24 06:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 21:12 - 2014-07-24 06:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 21:12 - 2014-07-24 06:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 21:12 - 2014-07-24 06:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 21:12 - 2014-07-24 06:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 21:12 - 2014-07-24 06:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 21:12 - 2014-07-24 06:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 21:12 - 2014-07-24 05:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 21:12 - 2014-07-24 05:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 21:12 - 2014-07-24 05:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 21:12 - 2014-07-24 05:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 21:12 - 2014-07-24 05:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 21:12 - 2014-07-24 05:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 21:12 - 2014-07-24 05:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 21:12 - 2014-07-24 05:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 21:12 - 2014-07-24 05:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 21:12 - 2014-07-24 05:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 21:12 - 2014-07-24 05:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 21:12 - 2014-07-24 05:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 21:12 - 2014-07-24 05:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 21:12 - 2014-07-24 05:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 21:12 - 2014-07-24 05:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 21:12 - 2014-07-24 05:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 21:12 - 2014-07-24 05:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 21:12 - 2014-07-24 05:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 21:12 - 2014-07-24 05:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 21:12 - 2014-07-24 05:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 21:12 - 2014-07-24 05:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 21:12 - 2014-07-24 05:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 21:12 - 2014-07-24 05:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 21:12 - 2014-07-24 05:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 21:12 - 2014-07-24 05:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 21:12 - 2014-07-24 05:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 21:12 - 2014-07-24 05:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 21:12 - 2014-07-24 04:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 21:12 - 2014-07-24 04:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 21:12 - 2014-07-24 04:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 21:12 - 2014-07-24 04:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 21:12 - 2014-07-24 04:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 21:12 - 2014-07-24 04:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 21:12 - 2014-07-24 04:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 21:12 - 2014-07-24 04:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 21:12 - 2014-07-24 04:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 21:12 - 2014-07-24 04:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 21:12 - 2014-07-24 04:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 21:12 - 2014-07-24 04:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 21:12 - 2014-07-24 04:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 21:12 - 2014-07-24 04:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 21:12 - 2014-07-24 04:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 21:12 - 2014-07-24 04:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 21:12 - 2014-07-24 04:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 21:12 - 2014-07-24 04:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 21:12 - 2014-07-24 04:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 21:12 - 2014-07-24 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 21:12 - 2014-07-24 04:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 21:12 - 2014-07-24 04:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 21:12 - 2014-07-24 04:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 21:12 - 2014-07-24 04:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 21:12 - 2014-07-24 04:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 21:12 - 2014-07-24 04:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 21:12 - 2014-07-24 04:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 21:12 - 2014-07-24 04:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 21:12 - 2014-07-24 04:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 21:12 - 2014-07-24 04:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 21:12 - 2014-07-24 04:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 21:12 - 2014-07-24 04:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 21:12 - 2014-07-24 04:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 21:12 - 2014-07-24 04:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 21:12 - 2014-07-24 04:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 21:12 - 2014-07-24 04:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 21:12 - 2014-07-24 04:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 21:12 - 2014-07-24 04:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 21:12 - 2014-07-24 04:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 21:12 - 2014-07-24 04:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 21:12 - 2014-07-24 04:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 21:12 - 2014-07-24 04:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 21:12 - 2014-07-24 03:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 21:12 - 2014-07-24 03:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 21:12 - 2014-07-24 03:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 21:12 - 2014-07-24 03:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 21:12 - 2014-07-24 03:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 21:12 - 2014-07-24 03:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 21:12 - 2014-07-24 03:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 21:12 - 2014-07-24 03:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 21:12 - 2014-07-24 03:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 21:12 - 2014-07-24 03:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 21:12 - 2014-07-24 03:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 21:12 - 2014-07-24 03:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 21:12 - 2014-07-24 03:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 21:12 - 2014-07-24 03:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 21:12 - 2014-07-24 03:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 21:12 - 2014-07-24 03:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 21:12 - 2014-07-24 03:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 21:12 - 2014-07-24 03:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 21:12 - 2014-07-24 03:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 21:12 - 2014-07-24 00:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 21:12 - 2014-07-24 00:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 21:12 - 2014-07-12 01:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 21:12 - 2014-07-12 01:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 21:12 - 2014-07-12 00:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 21:12 - 2014-07-12 00:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 21:12 - 2014-07-12 00:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 21:12 - 2014-07-09 19:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 21:12 - 2014-07-04 08:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 21:12 - 2014-07-04 06:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 21:12 - 2014-07-04 06:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 21:12 - 2014-07-04 06:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 21:12 - 2014-07-04 06:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 21:12 - 2014-07-04 05:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 21:12 - 2014-07-04 05:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 21:12 - 2014-06-27 02:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 21:12 - 2014-06-25 20:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 21:12 - 2014-06-25 20:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 21:12 - 2014-06-19 19:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 21:12 - 2014-06-18 22:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 21:12 - 2014-06-14 02:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 21:12 - 2014-06-14 01:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 21:12 - 2014-06-07 08:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 21:12 - 2014-06-07 06:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 21:12 - 2014-06-05 10:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 21:12 - 2014-06-05 06:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 21:12 - 2014-06-05 05:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 21:12 - 2014-05-31 01:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 21:12 - 2014-05-31 00:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 21:12 - 2014-05-29 02:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 21:12 - 2014-05-29 01:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 21:12 - 2014-05-29 01:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 21:12 - 2014-05-29 00:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 21:12 - 2014-05-26 03:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 21:12 - 2014-05-10 06:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 21:12 - 2014-05-10 04:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 21:12 - 2014-05-06 00:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 21:12 - 2014-05-05 20:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 21:12 - 2014-03-24 22:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 21:12 - 2014-03-24 22:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 21:12 - 2014-03-24 21:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 21:12 - 2014-03-24 21:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 21:06 - 2014-08-14 20:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-14 14:16 - 2014-09-14 14:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-09-14 14:16 - 2014-09-14 14:16 - 00000000 ____D () C:\ProgramData\Samsung
2014-09-14 14:16 - 2014-09-14 14:16 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-14 14:16 - 2014-05-22 09:22 - 02738496 ____N () C:\WINDOWS\TotalUninstaller.exe
2014-09-14 14:12 - 2014-07-03 00:07 - 00000357 _____ () C:\WINDOWS\system32\usp01l.smt
2014-09-14 14:12 - 2014-04-16 04:22 - 00029184 _____ () C:\WINDOWS\system32\usp01l.dll
2014-09-14 14:12 - 2013-05-10 05:48 - 00162136 _____ () C:\WINDOWS\system32\usp01ci.exe
2014-09-14 14:12 - 2010-10-20 04:46 - 00089600 _____ (SS) C:\WINDOWS\system32\usp01ci.dll
2014-09-14 02:17 - 2014-09-14 02:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-09-14 02:17 - 2014-09-14 02:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-09-12 21:17 - 2014-09-12 21:17 - 00001917 _____ () C:\Users\Public\Desktop\XLSTAT 2014.lnk
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 __HDC () C:\ProgramData\{AFFFFE8C-B56A-4E3C-A174-4FBD3E4DA650}
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ADDINSOFT
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Addinsoft
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 ____D () C:\Program Files\Addinsoft
2014-09-12 11:46 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-12 11:46 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-12 11:46 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-12 11:46 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-12 11:46 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-12 11:46 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-12 11:46 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-12 11:46 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-12 11:46 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-12 11:46 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-12 11:46 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-12 11:46 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-12 11:46 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-12 11:46 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-12 11:46 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-12 11:46 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-12 11:46 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-12 11:46 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-12 11:46 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-12 11:46 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-12 11:46 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-12 11:46 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 11:46 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-12 11:46 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-12 11:46 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-12 11:46 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-12 11:46 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-12 11:46 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-12 11:46 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-12 11:46 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-12 11:46 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-12 11:46 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-12 11:46 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-12 11:46 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-12 11:46 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-12 11:46 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-12 11:46 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-12 01:12 - 2014-09-12 01:12 - 00000000 ____D () C:\0b955d72feda568d4b0d28c1
2014-09-11 23:11 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 23:10 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 23:10 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-11 08:16 - 2014-09-11 08:16 - 00000295 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Homegroup.lnk
2014-09-10 04:19 - 2014-09-10 04:19 - 00013459 _____ () C:\Users\Owner\Documents\Stats pg 87, #15.xlsx
2014-09-09 01:27 - 2014-09-28 10:43 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-09-09 01:27 - 2014-09-09 01:27 - 00001697 _____ () C:\Users\Owner\Desktop\Google Drive.lnk
2014-09-09 01:22 - 2014-09-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-08 02:32 - 2014-09-27 13:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-09-03 06:07 - 2014-09-13 16:39 - 00000000 ____D () C:\Users\Owner\Desktop\Fall 2014
2014-09-03 05:46 - 2014-10-02 12:57 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC
2014-09-03 05:46 - 2014-10-02 12:47 - 00000000 __RDO () C:\Users\Owner\OneDrive
2014-09-02 09:59 - 2014-09-02 09:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-09-02 09:59 - 2014-09-02 09:59 - 00000000 ____D () C:\Program Files\Realtek
2014-09-02 09:58 - 2014-09-02 10:00 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-09-02 09:58 - 2012-07-18 00:26 - 04094608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2014-09-02 09:58 - 2012-07-16 22:23 - 00109200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2014-09-02 09:58 - 2012-07-16 20:09 - 00317061 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-09-02 09:58 - 2012-07-16 17:16 - 03643024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2014-09-02 09:58 - 2012-07-16 17:11 - 05821952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2014-09-02 09:58 - 2012-07-03 20:14 - 02692752 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2014-09-02 09:58 - 2012-07-02 18:39 - 01264272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2014-09-02 09:58 - 2012-06-27 17:38 - 07860600 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek.dll
2014-09-02 09:58 - 2012-06-27 17:37 - 02603896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib.dll
2014-09-02 09:58 - 2012-06-21 14:00 - 00583808 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2014-09-02 09:58 - 2012-06-20 20:26 - 00110592 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2014-09-02 09:58 - 2012-06-15 14:20 - 07163784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2014-09-02 09:58 - 2012-06-15 14:20 - 00433544 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2014-09-02 09:58 - 2012-06-15 14:20 - 00141192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2014-09-02 09:58 - 2012-06-15 14:20 - 00123784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2014-09-02 09:58 - 2012-06-15 14:20 - 00074632 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2014-09-02 09:58 - 2012-06-06 13:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2014-09-02 09:58 - 2012-05-25 21:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2014-09-02 09:58 - 2012-04-10 17:40 - 02533952 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2014-09-02 09:58 - 2012-04-03 21:42 - 01345368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2014-09-02 09:58 - 2012-04-03 21:42 - 01015640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2014-09-02 09:58 - 2012-03-08 14:47 - 00202336 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2014-09-02 09:58 - 2012-03-08 14:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2014-09-02 09:58 - 2012-02-17 18:54 - 00396632 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2014-09-02 09:58 - 2012-01-30 14:43 - 00836544 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2014-09-02 09:58 - 2012-01-24 01:30 - 00537456 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2014-09-02 09:58 - 2012-01-24 01:30 - 00524656 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2014-09-02 09:58 - 2012-01-24 01:30 - 00449392 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2014-09-02 09:58 - 2012-01-10 13:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2014-09-02 09:58 - 2011-12-20 18:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2014-09-02 09:58 - 2011-12-18 20:58 - 02131288 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ.dll
2014-09-02 09:58 - 2011-12-13 19:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2014-09-02 09:58 - 2011-11-22 19:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2014-09-02 09:58 - 2011-09-02 17:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2014-09-02 09:58 - 2011-09-02 17:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2014-09-02 09:58 - 2011-09-02 17:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2014-09-02 09:58 - 2011-08-23 20:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2014-09-02 09:58 - 2011-05-31 12:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2014-09-02 09:58 - 2011-03-17 15:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2014-09-02 09:58 - 2011-03-07 20:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2014-09-02 09:58 - 2010-11-08 10:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2014-09-02 09:58 - 2010-11-08 10:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2014-09-02 09:58 - 2010-11-08 10:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2014-09-02 09:58 - 2010-11-08 10:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2014-09-02 09:58 - 2010-11-08 10:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2014-09-02 09:58 - 2010-11-08 10:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2014-09-02 09:58 - 2010-11-03 21:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2014-09-02 09:58 - 2010-10-03 16:46 - 00341336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2014-09-02 09:58 - 2010-09-27 12:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2014-09-02 09:58 - 2010-07-22 19:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2014-09-02 09:58 - 2009-11-24 12:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2014-09-02 09:58 - 2009-11-24 12:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2014-09-02 09:58 - 2009-11-24 12:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2014-09-02 09:58 - 2009-11-24 12:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2014-09-02 09:53 - 2014-09-02 09:55 - 105864142 _____ () C:\Users\Owner\Downloads\Audio_Realtek_Win8_64_Z6016685.zip
2014-09-02 09:50 - 2014-09-02 09:50 - 02822656 _____ (LionSea SoftWare ) C:\Users\Owner\Downloads\setup.exe
2014-09-02 09:31 - 2014-09-02 09:31 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-02 09:31 - 2014-09-02 09:31 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 09:31 - 2014-09-02 09:31 - 00000000 ____D () C:\ProgramData\Sun
2014-09-02 09:31 - 2014-09-02 09:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 09:31 - 2014-09-02 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-02 09:30 - 2014-09-02 09:30 - 00918440 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u67.exe
2014-09-02 03:40 - 2014-09-19 23:49 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-09-02 03:40 - 2014-09-02 03:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-09-02 03:24 - 2014-09-02 03:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2014-09-02 03:23 - 2014-09-16 13:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-09-02 03:23 - 2014-09-16 11:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-09-02 03:23 - 2014-09-16 11:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-02 03:23 - 2014-09-02 03:23 - 00001444 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-02 03:23 - 2014-09-02 03:23 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-09-02 03:23 - 2014-09-02 03:23 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-09-02 03:23 - 2014-09-02 03:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Packages
2014-09-02 03:23 - 2014-09-02 03:23 - 00000000 ____D () C:\Users\Guest
2014-09-02 03:23 - 2014-09-01 00:51 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-09-02 03:23 - 2014-08-26 01:13 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-02 03:23 - 2014-08-26 01:13 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-02 03:23 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-09-02 03:23 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-09-02 03:23 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-02 03:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-02 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-02 13:13 - 2014-08-20 21:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3370461647-3336877132-2924935656-1001
2014-10-02 13:07 - 2014-08-20 21:09 - 01049004 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-02 12:53 - 2014-08-22 23:48 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 12:47 - 2014-08-22 23:48 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 02:17 - 2014-08-24 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-10-01 22:43 - 2014-08-20 21:12 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-01 20:34 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-01 20:34 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-01 12:48 - 2014-08-20 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-10-01 01:14 - 2014-08-20 21:04 - 00000000 ____D () C:\Users\Owner
2014-09-30 00:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-29 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-29 13:41 - 2014-08-20 21:01 - 00037310 _____ () C:\WINDOWS\PFRO.log
2014-09-29 12:10 - 2014-08-22 23:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-28 00:46 - 2014-08-24 01:07 - 00000000 ____D () C:\ProgramData\Skype
2014-09-28 00:45 - 2014-08-24 01:07 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-28 00:45 - 2014-08-24 01:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-27 17:33 - 2014-08-31 19:12 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-27 16:23 - 2014-08-31 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-09-27 12:29 - 2014-08-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-27 11:57 - 2014-08-22 23:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-24 14:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-23 18:34 - 2013-08-22 10:44 - 00481832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-23 17:26 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-21 16:15 - 2013-08-22 10:46 - 00292986 _____ () C:\WINDOWS\setupact.log
2014-09-16 20:58 - 2013-08-22 15:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-16 20:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-15 18:18 - 2014-08-30 20:06 - 00000000 ____D () C:\Users\Owner\Desktop\Important Docs
2014-09-15 14:15 - 2014-08-31 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 14:14 - 2014-08-31 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-14 14:28 - 2014-08-27 04:08 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-12 21:17 - 2013-08-22 09:25 - 00000204 _____ () C:\WINDOWS\win.ini
2014-09-12 11:47 - 2014-08-22 23:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-12 11:47 - 2014-08-22 23:34 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-12 11:47 - 2014-08-22 23:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-12 11:46 - 2014-08-22 23:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-12 11:46 - 2014-08-22 23:34 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-12 11:46 - 2014-08-22 23:34 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-12 11:46 - 2014-08-22 23:34 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-12 01:15 - 2014-08-30 12:51 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-12 01:12 - 2014-08-23 21:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 04:56 - 2014-08-20 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-09-09 01:18 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-04 10:52 - 2014-08-30 20:14 - 00003096 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3370461647-3336877132-2924935656-1001
2014-09-03 05:46 - 2014-08-30 20:14 - 00000000 ___RD () C:\Users\Owner\OneDrive.old
2014-09-02 18:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-02 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-02 16:06 - 2014-08-24 16:15 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 16:06 - 2014-08-24 16:15 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 09:31 - 2014-08-20 23:52 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-02 09:31 - 2014-08-20 23:52 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-02 09:31 - 2014-08-20 23:52 - 00000000 ____D () C:\Program Files (x86)\Java
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\bitool.dll
C:\Users\Owner\AppData\Local\Temp\dlLogic.exe
C:\Users\Owner\AppData\Local\Temp\dltr.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpen8r58.dll
C:\Users\Owner\AppData\Local\Temp\GCVerifier.dll
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\s2pc.exe
C:\Users\Owner\AppData\Local\Temp\s2rk.exe
C:\Users\Owner\AppData\Local\Temp\s5pg.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\verifier.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-28 11:50
 
==================== End Of Log ============================
 
 
Addition.txt:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 01
Ran by Owner at 2014-10-02 14:28:34
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3M Products Update version 2012-05 for Microsoft Office 2010 (HKLM-x32\...\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1) (Version:  - 3M Company)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.9 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nalpeiron Service Update to 7.3.5 (HKLM-x32\...\Nalpeiron Service Update to 7.3.5) (Version: 7.3.5 - Nalpeiron)
Nalpeiron Service Update to 7.3.5 (x32 Version: 7.3.5 - Nalpeiron) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 4.0.0.414 (HKLM-x32\...\PDFAnnotator_is1) (Version: 4.0.0.414 - GRAHL software design)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XLSTAT 2014 (HKLM-x32\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 16.4.09. - Addinsoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-09-2014 18:12:43 Windows Update
23-09-2014 21:25:04 Windows Update
27-09-2014 16:29:17 Installed Realtek Ethernet Controller Driver
28-09-2014 19:58:01 Installed iTunes
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {025B148B-333D-4024-80A7-C83BE77F20D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19E30186-4F2E-4A4D-84FD-8474C0F96D74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1F153926-24ED-4EE1-9814-41F543E3E3B4} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3527C509-FE5B-44F1-81CC-9FAF72E5D277} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4013FF64-3ADC-44C8-9CEE-6B8178619E19} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {437FB8B6-D99F-4BA9-AB8C-2A4E003D9977} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CA9D706-2C80-4D86-BF93-1C2DA372E58E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {67FD6561-11AB-4747-A52F-51FE50446573} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D5EAE1E-C44D-4F41-B9ED-9E8F8B094CDE} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7EB402B3-8F3B-41AE-8949-D2DCBFDE4C46} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9063DDD1-9A74-451C-A2F3-B3FF06D0155C} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A36E4749-D916-4CF8-B870-439AE9C86A96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {AC0CF65E-33AA-4FC3-8641-F7B5D2CDFB3C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {ACF7D1F0-76C2-4058-877D-6D02D6084B8A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B32486F2-B17D-4B19-8F21-F407E0E48EA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B67CF202-5870-444D-9273-7F5AD860B19A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B7F3342D-4217-4138-A92D-0DD67AA5A3A5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software)
Task: {CD77CBCB-0BB1-42C4-A03B-B1B147859721} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3370461647-3336877132-2924935656-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5ACD06D-337D-42D8-A4F3-F07B94B704C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F4A7C1BF-FC7E-4866-9D04-2E6FE41A2F59} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-29 11:32 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2009-08-03 07:48 - 2009-08-03 07:48 - 00027648 _____ () C:\WINDOWS\System32\sso1ml6.dll
2014-09-14 14:12 - 2014-04-16 04:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll
2014-09-29 11:40 - 2014-09-29 11:40 - 00071680 _____ () C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe
2014-08-19 06:50 - 2014-08-19 06:50 - 00010240 _____ () C:\Users\Owner\AppData\Roaming\TornTV.com\TornTVSvc.exe
2014-07-27 14:41 - 2014-07-27 14:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 16:02 - 2013-10-01 16:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-18 00:37 - 2014-07-24 13:40 - 00936656 _____ () C:\Users\Owner\AppData\Local\Viber\Viber.exe
2014-08-31 19:11 - 2014-08-31 19:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-01 14:43 - 2014-10-01 14:43 - 02867712 _____ () C:\Program Files\AVAST Software\Avast\defs\14100101\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 00:13 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 43532288 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libViber.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00770048 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00098304 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\qfacebook.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00172032 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libexif.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00049152 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libEGL.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00876544 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00024576 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00024576 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00204800 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00221184 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00016384 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00016384 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00311296 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00016384 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00638976 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00032768 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll
2014-08-31 19:11 - 2014-08-31 19:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-27 11:57 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-27 11:57 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-27 11:57 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-27 11:57 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-27 11:57 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Owner\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\StartupFolder: => "TornTvDownloader.lnk"
HKCU\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKCU\...\StartupApproved\Run: => "TornTv Downloader"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3370461647-3336877132-2924935656-500 - Administrator - Disabled)
Guest (S-1-5-21-3370461647-3336877132-2924935656-501 - Limited - Enabled) => C:\Users\Guest
Owner (S-1-5-21-3370461647-3336877132-2924935656-1001 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2014 01:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062
 
Error: (10/02/2014 01:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062
 
Error: (10/02/2014 01:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/02/2014 01:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
Error: (10/02/2014 01:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109
 
Error: (10/02/2014 01:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/02/2014 00:55:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
 
Error: (10/01/2014 10:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2698844
 
Error: (10/01/2014 10:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2698844
 
Error: (10/01/2014 10:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/29/2014 03:50:46 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:46 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:46 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:46 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:46 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:45 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:45 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:45 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:45 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/29/2014 03:50:45 PM) (Source: DCOM) (EventID: 10016) (User: OWNER-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Owner-PCOwnerS-1-5-21-3370461647-3336877132-2924935656-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (10/02/2014 01:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062
 
Error: (10/02/2014 01:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062
 
Error: (10/02/2014 01:38:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/02/2014 01:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
Error: (10/02/2014 01:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109
 
Error: (10/02/2014 01:13:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/02/2014 00:55:38 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
 
Error: (10/01/2014 10:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2698844
 
Error: (10/01/2014 10:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2698844
 
Error: (10/01/2014 10:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-31 19:11:05.611
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.077
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:00.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8077.53 MB
Available physical RAM: 6203.88 MB
Total Pagefile: 9357.53 MB
Available Pagefile: 7079.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:687.03 GB) (Free:644.61 GB) NTFS
Drive e: (DATA) (Fixed) (Total:244.14 GB) (Free:235.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98629B49)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-02 14:30:37
-----------------------------
14:30:37.290    OS Version: Windows x64 6.2.9200 
14:30:37.290    Number of processors: 8 586 0x3A09
14:30:37.291    ComputerName: OWNER-PC  UserName: Owner
14:30:39.052    Initialize success
14:30:39.052    VM: initialized successfully
14:30:39.083    VM: Intel CPU supported virtualized 
14:30:47.865    VM: supported disk I/O storport.sys
14:30:51.500    AVAST engine defs: 14100101
14:31:03.586    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
14:31:03.588    Disk 0 Vendor: HGST_HTS541010A9E680 JA0OA560 Size: 953869MB BusType: 11
14:31:03.709    VM: Disk 0 MBR read successfully
14:31:03.712    Disk 0 MBR scan
14:31:03.721    Disk 0 Windows 7 default MBR code
14:31:03.729    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
14:31:03.743    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       703517 MB offset 718848
14:31:03.769    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       249999 MB offset 1441521664
14:31:03.863    Disk 0 scanning C:\WINDOWS\system32\drivers
14:31:13.067    Service scanning
14:31:49.623    Modules scanning
14:31:49.624    Disk 0 trace - called modules:
14:31:49.674    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys storahci.sys hal.dll 
14:31:49.676    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0008b7e65a0]
14:31:49.676    3 CLASSPNP.SYS[fffff8001cfa127b] -> nt!IofCallDriver -> [0xffffe0008a5aaa90]
14:31:49.676    5 ACPI.sys[fffff8001ca207aa] -> nt!IofCallDriver -> \Device\00000033[0xffffe0008a5a9060]
14:31:51.540    AVAST engine scan C:\WINDOWS
14:31:54.784    AVAST engine scan C:\WINDOWS\system32
14:34:09.425    AVAST engine scan C:\WINDOWS\system32\drivers
14:34:22.758    AVAST engine scan C:\Users\Owner
14:35:23.282    File: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000  **INFECTED** Win32:Dropper-gen [Drp]
14:36:22.011    File: C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE\7SL6HI2U\Setup[2].exe  **INFECTED** Win32:Malware-gen
14:37:57.299    File: C:\Users\Owner\AppData\Local\Temp\ICReinstall_nslBB73.tmp  **INFECTED** Win32:Malware-gen
14:37:57.524    File: C:\Users\Owner\AppData\Local\Temp\is45637729\152320912_stp\Generic_vo.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:37:57.699    File: C:\Users\Owner\AppData\Local\Temp\is45637729\155922284_stp\Generic_vo.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:37:58.358    File: C:\Users\Owner\AppData\Local\Temp\is45637729\259670_stp\Generic_vo.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:37:59.296    File: C:\Users\Owner\AppData\Local\Temp\nslBB73.tmp  **INFECTED** Win32:Malware-gen
14:42:12.585    File: C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial (1).exe  **INFECTED** Win32:Dropper-gen [Drp]
14:42:12.619    File: C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial (2).exe  **INFECTED** Win32:Dropper-gen [Drp]
14:42:12.646    File: C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:42:25.069    AVAST engine scan C:\ProgramData
14:43:06.016    Scan finished successfully
14:43:18.454    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\Virus Clearing\MBR.dat"
14:43:18.458    The log file has been saved successfully to "C:\Users\Owner\Desktop\Virus Clearing\aswMBR.txt"
 
 
Checkup.txt
 
 

 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java™ 6 Update 17  
 Adobe Reader XI  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#4 fbfbfb


Posted 03 October 2014 - 07:07 AM

Hello, Realmage13.

 

Thank you for your logs.  There are several items that need attention.  Let's begin eliminating the junk.

 

Please run the following scans

 

1.  AdwCleaner

 

Please download AdwCleaner from HERE.

  • Double click on adwcleaner.exe.  Note:  Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

2.  Junkware Removal Tool

 

Please download Junkware Removal Tool from HERE and save it to your desktop.

  • Shut down your antivirus to avoid any potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.

Post the contents of JRT.txt into your next reply.

 

3.  Malwarebytes Anti-Malware

 

Please download Malwarebytes from HERE.

 


 

  • On the Dashboard click on Update Now.
  • Go to the Settings tab.
  • Click Settings > Click Detection and Protection.
  • Under Non-Malware Protection, make sure that both PUP and PUM are set to show Treat detections as malware.
  • Click Advanced Settings > Check mark Automatically Quarantine Detected Items.
  • On the Dashboard, click Scan.
  • Select Threat Scan > Click Scan Now.
  • When the scan is finished and the log pops up...select Copy to Clipboard.
  • Please paste the log back into this thread for review.
  • Exit Malwarebytes.

 

Checklist:  In your next reply, please post the following:

  • AdwCleaner [R0].txt
  • JRT.txt
  • Malwarebytes log

 



#5 Realmage13


Posted 03 October 2014 - 07:52 AM

Hello :)

 

Just as a clarification, I haven't clicked "clean" after the scan on any of the scans!

 

# AdwCleaner v3.311 - Report created 03/10/2014 at 09:22:08
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : 70e6ca8c
Service Found : servervo
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Owner\AppData\Roaming\aps.scan.quick.results
File Found : C:\Users\Owner\AppData\Roaming\aps.scan.results
File Found : C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Found : C:\Users\Owner\AppData\Roaming\ap_logs
Folder Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\Owner\AppData\Roaming\TornTV.com
Folder Found : C:\Users\Owner\AppData\Roaming\VOPackage
Folder Found : C:\Users\Owner\AppData\Roaming\wse_astromenda
 
***** [ Scheduled Tasks ] *****
 
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://astromenda.com/?f=1&a=ast_cmi_14_40_ch&cd=2XzuyEtN2Y1L1QzuyC0CyBtC0DzytB0CtDyC0FzytByD0FzztN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyzzyE0DtC0A0CtGtA0AtAtCtGzz0Bzy0BtGtCtCtBtDtGtAyEtA0A0B0AyBtByCzy0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCtCtDzyzytDtAtGyEyEyDyBtGyEyB0FyCtGzytA0E0BtGyC0B0F0E0FtC0DyBzyyE0F0D2Q&cr=746934215&ir=
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4778 octets] - [03/10/2014 09:22:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4838 octets] ##########
 
 
jrt.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 8.1 x64
Ran by Owner on Fri 10/03/2014 at  9:26:46.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] 70e6ca8c 
Successfully deleted: [Service] 70e6ca8c 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\Users\Owner\AppData\Roaming\torntv.com"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/03/2014 at  9:29:14.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/3/2014
Scan Time: 9:33:49 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.03.03
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354576
Time Elapsed: 11 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.VOPackage.A, C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe, 2032, , [fe5120f0aad2d26407dfb171ea19fa06]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [6ee11bf52359cd696ab2345ff80a847c], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [6ee11bf52359cd696ab2345ff80a847c], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [6ee11bf52359cd696ab2345ff80a847c], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [6ee11bf52359cd696ab2345ff80a847c], 
PUP.Optional.VOPackage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\servervo, , [fe5120f0aad2d26407dfb171ea19fa06], 
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, , [1639ea26ceae78be0c3b94eafa0ad62a], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3370461647-3336877132-2924935656-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [f15e7f912f4deb4bd63ae2782adabc44], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3370461647-3336877132-2924935656-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [361927e9fc80c67092d2c181818240c0], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3370461647-3336877132-2924935656-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [75da0b051f5d41f5754bfa5ed232ec14], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3370461647-3336877132-2924935656-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2Y1E2Z1G1J1T1M, , [75da0b051f5d41f5754bfa5ed232ec14]
 
Registry Data: 1
 
Folders: 3
PUP.Optional.VOPackage, C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, , [b59ac947b8c49e984a18140641c2956b], 
PUP.Optional.Astromenda.A, C:\Users\Owner\AppData\Roaming\WSE_Astromenda, , [a4abbb55621a2511ed60f3118d765da3], 
PUP.Optional.Astromenda.A, C:\Users\Owner\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5, , [a4abbb55621a2511ed60f3118d765da3], 
 
Files: 20
PUP.Optional.Multiplug, C:\Users\Owner\AppData\Local\Temp\s5pg.exe, , [6ee11bf52359cd696ab2345ff80a847c], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\verifier.exe, , [cb840808304cd36323c387bb916f06fa], 
PUP.Optional.Multiplug, C:\Users\Owner\AppData\Local\Temp\s2pc.exe, , [e768cc442f4dd95d4d34aa106f9214ec], 
PUP.Optional.Multiplug, C:\Users\Owner\AppData\Local\Temp\s2rk.exe, , [a0af3ed2adcff4425829dddd6998c040], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\GCVerifier.dll, , [58f79b7536469b9bd41086bc867a8977], 
PUP.Optional.Somoto, C:\Users\Owner\AppData\Local\Temp\bitool.dll, , [3f10a868d9a37cbab6a3fc6857abb64a], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\dlLogic.exe, , [7cd3df317606f244a441bd85986813ed], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\dltr.exe, , [0748c14fb5c778be1cca142e8e728779], 
PUP.Optional.Somoto, C:\Users\Owner\AppData\Local\Temp\nsfC529.tmp, , [6ce314fcfd7fe94db13e5d4f41c042be], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nsu8414.tmp\embededstub.exe, , [fb548b85403c51e50ed73e04bf41e020], 
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\DTLite4491-0356.exe, , [75da040cfc802511add682b52cd9a25e], 
PUP.Optional.Downloader, C:\Users\Owner\Downloads\Iggy_Azalea_Ft_Rita_Ora_-_Black_Widow_downloader.exe, , [3d129080f6868caaaa0d2d290df3ab55], 
PUP.Optional.OneClickDownloader.A, C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial (1).exe, , [b09f98788bf13df9bdccef359170c040], 
PUP.Optional.OneClickDownloader.A, C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial (2).exe, , [9bb42be54d2f2a0cec9d7fa533ce847c], 
PUP.Optional.OneClickDownloader.A, C:\Users\Owner\Downloads\PDF_Annotator_4.0.0.405_including_Serial.exe, , [a7a8ea26423aa591c3c660c4f20f9f61], 
PUP.Optional.TornTV.A, C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk, , [91be4bc57dfffe38223ae826649f32ce], 
PUP.Optional.VOPackage, C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, , [b59ac947b8c49e984a18140641c2956b], 
PUP.Optional.VOPackage.A, C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe, , [fe5120f0aad2d26407dfb171ea19fa06], 
PUP.Optional.VOPackage.A, C:\Users\Owner\AppData\Roaming\VOPackage\VOPackage.exe, , [db74b25e7dff62d44a5a6fbcec179d63], 
PUP.Optional.Astromenda.A, C:\Users\Owner\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5\ctr.ico, , [a4abbb55621a2511ed60f3118d765da3], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 fbfbfb


Posted 03 October 2014 - 11:14 AM

Hello, Realmage13.  Thank you for your log reports.

 

Please rerun the following scan

 

AdwCleaner

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time, after the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

Checklist:  In your next reply, please post the following:

  • AdwCleaner[S0].txt
  • Let me know how your computer is running at this stage.

 



#7 Realmage13


Posted 03 October 2014 - 02:18 PM

# AdwCleaner v3.311 - Report created 03/10/2014 at 15:41:14
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : servervo
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Owner\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\Owner\AppData\Roaming\TornTV.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Owner\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
File Deleted : C:\Users\Owner\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Owner\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=1909&r=2014/02/03&hid=5125412146862677693&lg=EN&cc=CA&unqvl=47
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3329908&octid=EB_ORIGINAL_CTID&ISID=MCC0EFDF2-3F25-4B27-9A8B-141A3DE103E2&SearchSource=58&CUI=&UM=2&UP=SP73859256-BA0B-470C-A5AF-9E67C7B8C9FF&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_40_ch&cd=2XzuyEtN2Y1L1QzuyC0CyBtC0DzytB0CtDyC0FzytByD0FzztN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyzzyE0DtC0A0CtGtA0AtAtCtGzz0Bzy0BtGtCtCtBtDtGtAyEtA0A0B0AyBtByCzy0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCtCtDzyzytDtAtGyEyEyDyBtGyEyB0FyCtGzytA0E0BtGyC0B0F0E0FtC0DyBzyyE0F0D2Q&cr=746934215&ir=
 
*************************
 
AdwCleaner[R0].txt - [4954 octets] - [03/10/2014 09:22:08]
AdwCleaner[R1].txt - [4090 octets] - [03/10/2014 15:39:26]
AdwCleaner[S0].txt - [4315 octets] - [03/10/2014 15:41:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4375 octets] ##########
 
 
 
 
and THANK YOU. My laptop is not lagging anymore and the startup time is back to normal, 2-5 rather than the 30 or so seconds it was taking with the malware!


#8 fbfbfb


Posted 04 October 2014 - 06:12 AM

Hello, Realmage13.

Thank you for the log. Many problem items have been deleted, and I am glad to hear your computer is running much better. We need to work through a few more issues in order to secure your system.

P2P Program

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Please see this topic for more information: Perils of P2P File Sharing.

I would strongly recommend that you uninstall this now. You can do so via Control Panel > Programs and Features.

Please rerun the following scan:

Farbar Recovery Scan Tool (FRST)

When complete, please copy and paste the following logs into your next reply. Be sure to check Additions in order to generate the Addition.txt log.

  • FRST.txt
  • Addition.txt

#9 Realmage13


Posted 04 October 2014 - 06:56 PM

Hey, I just noticed that Malwarebytes also popped up and showed there's still more malware. I'll attach that log here as well! Also, I checked my Programs and Features and noticed uTorrent is not there. I think I might have uninstalled it after the viruses.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 04-10-2014 20:50:16
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Owner\AppData\Local\Viber\Viber.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\nacl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-29] (Google Inc.)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\Run: [Viber] => C:\Users\Owner\AppData\Local\Viber\Viber.exe [936656 2014-07-24] ()
HKU\S-1-5-21-3370461647-3336877132-2924935656-1001\...\MountPoints2: {ab53ba1c-30a4-11e4-be6e-6c71d92c06f8} - "G:\SETUP.EXE" 
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/...CA&dcc=CA&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC11EB3B0DDBCCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-27]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-27]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 trntv; C:\Users\Owner\AppData\Roaming\TornTV.com\TornTVSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-31] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 20:50 - 2014-10-04 20:50 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-04 20:44 - 2014-10-04 20:44 - 00002765 _____ () C:\Users\Owner\Desktop\malwareNew.txt
2014-10-03 13:15 - 2014-10-03 13:15 - 00456301 _____ () C:\Users\Owner\Downloads\ECON 1P91 Tuorial 21.zip
2014-10-03 09:50 - 2014-10-03 09:50 - 00006434 _____ () C:\Users\Owner\Desktop\malware.txt
2014-10-03 09:31 - 2014-10-04 00:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 09:30 - 2014-10-03 09:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 09:30 - 2014-10-03 09:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-03 09:30 - 2014-10-03 09:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 09:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-03 09:30 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-03 09:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-03 09:29 - 2014-10-03 09:29 - 00001885 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-10-03 09:26 - 2014-10-03 09:26 - 01702068 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-10-03 09:26 - 2014-10-03 09:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-03 09:25 - 2014-10-03 09:25 - 00004954 _____ () C:\Users\Owner\Desktop\AdwCleaner[R0].txt
2014-10-03 09:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-03 09:22 - 2014-10-03 15:41 - 00000000 ____D () C:\AdwCleaner
2014-10-03 09:21 - 2014-10-03 09:21 - 01375089 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-10-02 22:12 - 2014-10-02 22:12 - 01293312 _____ () C:\Users\Owner\Downloads\Ch01-9e-lecture.ppt
2014-10-02 19:18 - 2014-10-02 19:18 - 01135948 _____ () C:\Users\Owner\Downloads\ch01_ppt_busn2ce.pptx
2014-10-02 19:16 - 2014-10-02 19:17 - 38157960 _____ (Amazon.com) C:\Users\Owner\Downloads\KindleForPC-installer.exe
2014-10-02 17:46 - 2014-10-02 17:46 - 00316416 _____ () C:\Users\Owner\Downloads\lectur8.ppt
2014-10-02 14:30 - 2014-10-02 14:30 - 05185536 _____ (AVAST Software) C:\Users\Owner\Downloads\aswMBR.exe
2014-10-02 14:30 - 2014-10-02 14:30 - 00854417 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-10-02 14:29 - 2014-10-02 14:45 - 00000000 ____D () C:\Users\Owner\Desktop\Virus Clearing
2014-10-01 22:42 - 2014-10-02 14:29 - 00048953 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-10-01 22:41 - 2014-10-04 20:50 - 00020473 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-10-01 22:40 - 2014-10-04 20:50 - 02109440 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-10-01 22:40 - 2014-10-04 20:50 - 00000000 ____D () C:\FRST
2014-10-01 22:35 - 2014-10-01 22:35 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Owner\Downloads\AsusInstaller (2).exe
2014-10-01 13:53 - 2014-10-01 13:53 - 03766408 _____ (http://yourfiledownloader.net) C:\Users\Owner\Downloads\Iggy_Azalea_Ft_Rita_Ora_-_Black_Widow_(Radio_Edit)_downloader.exe
2014-10-01 10:47 - 2014-10-01 10:47 - 00691200 _____ () C:\Users\Owner\Downloads\stat12t_0304.ppt
2014-10-01 10:47 - 2014-10-01 10:47 - 00553984 _____ () C:\Users\Owner\Downloads\stat12t_0302.ppt
2014-10-01 10:47 - 2014-10-01 10:47 - 00386560 _____ () C:\Users\Owner\Downloads\stat12t_0303.ppt
2014-10-01 10:47 - 2014-10-01 10:47 - 00223232 _____ () C:\Users\Owner\Downloads\stat12t_0301.ppt
2014-10-01 00:16 - 2014-10-01 00:16 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Owner\Downloads\AsusInstaller (1).exe
2014-10-01 00:07 - 2014-10-01 00:07 - 10618134 _____ () C:\Users\Owner\Downloads\ATKPackage_Win7_64_Z100020.zip
2014-09-29 13:54 - 2014-09-29 13:54 - 31766208 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Windows-KB890830-x64-V5.16.exe
2014-09-29 13:47 - 2014-09-29 13:48 - 122008832 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\msert (2).exe
2014-09-29 13:46 - 2014-09-29 13:46 - 00671408 _____ () C:\Users\Owner\Downloads\msert (1).exe
2014-09-29 13:44 - 2014-09-29 13:44 - 108003328 _____ () C:\Users\Owner\Downloads\msert.exe
2014-09-29 12:50 - 2014-09-29 12:50 - 00627504 _____ (ClickMeIn Limited) C:\Users\Owner\AppData\Local\nsq494C.tmp
2014-09-29 12:10 - 2014-09-29 12:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-09-29 12:09 - 2014-10-04 00:14 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA.job
2014-09-29 12:09 - 2014-10-03 12:14 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core.job
2014-09-29 12:09 - 2014-09-29 12:09 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA
2014-09-29 12:09 - 2014-09-29 12:09 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core
2014-09-29 12:08 - 2014-09-29 12:08 - 00895120 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleVoiceAndVideoSetup.exe
2014-09-29 11:45 - 2014-09-29 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator
2014-09-29 11:44 - 2014-09-29 11:45 - 00000000 ____D () C:\Program Files (x86)\PDF Annotator
2014-09-29 11:44 - 2014-09-29 11:44 - 26674688 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup (3).exe
2014-09-29 11:36 - 2014-09-29 11:36 - 27844128 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup (2).exe
2014-09-29 11:36 - 2014-09-29 11:36 - 27844128 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup (1).exe
2014-09-29 11:32 - 2014-09-29 11:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\deskPDF Editor
2014-09-29 11:32 - 2014-09-29 11:32 - 00000961 _____ () C:\WINDOWS\deskinst.log
2014-09-29 11:32 - 2013-08-12 11:29 - 00081608 _____ () C:\WINDOWS\system32\ddcvt4.exe
2014-09-29 11:32 - 2013-08-12 11:28 - 00057032 _____ () C:\WINDOWS\system32\desksc.exe
2014-09-29 11:32 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2014-09-29 11:30 - 2014-09-29 11:30 - 00370632 _____ ( ) C:\Users\Owner\Downloads\deskPDFStudio-X-WebInstaller_4002.exe
2014-09-29 11:29 - 2014-09-29 11:30 - 27844128 _____ (GRAHL software design ) C:\Users\Owner\Downloads\PDFAnnotatorSetup.exe
2014-09-28 16:09 - 2014-09-28 16:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-09-28 16:09 - 2014-09-28 16:09 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-28 16:09 - 2014-09-28 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2014-09-28 16:09 - 2014-09-28 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-28 16:09 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-09-28 16:08 - 2014-09-28 16:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-28 16:08 - 2014-09-28 16:09 - 00000000 ____D () C:\Program Files\iTunes
2014-09-28 16:08 - 2014-09-28 16:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-28 16:08 - 2014-09-28 16:08 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-28 16:08 - 2014-09-28 16:08 - 00000000 ____D () C:\Program Files\iPod
2014-09-28 15:58 - 2014-09-28 15:58 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-28 15:58 - 2014-09-28 15:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-09-28 15:57 - 2014-09-28 15:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-28 15:57 - 2014-09-28 15:57 - 43118643 _____ () C:\Users\Owner\Downloads\MATH1P98 S4 Written notes 140925 by Nathaniel.rar
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\ProgramData\Apple
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-28 15:57 - 2014-09-28 15:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-28 15:54 - 2014-09-28 15:55 - 112794960 _____ (Apple Inc.) C:\Users\Owner\Downloads\iTunes64Setup.exe
2014-09-28 00:45 - 2014-09-28 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-27 21:48 - 2014-09-27 21:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WinRAR
2014-09-27 21:48 - 2013-06-07 20:41 - 21622005 _____ () C:\Users\Owner\Desktop\Final.rar
2014-09-27 21:47 - 2014-09-27 21:47 - 01922688 _____ () C:\Users\Owner\Downloads\winrar-x64-511.exe
2014-09-27 21:47 - 2014-09-27 21:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-27 21:47 - 2014-09-27 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-27 21:47 - 2014-09-27 21:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-27 21:44 - 2014-09-27 21:45 - 21626994 _____ () C:\Users\Owner\Downloads\re_ astr 1p01 test.zip
2014-09-27 18:07 - 2014-10-02 17:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-09-27 18:07 - 2014-09-27 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-09-27 18:06 - 2014-09-27 18:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Avery
2014-09-27 18:00 - 2014-09-27 18:02 - 113017552 _____ (Avery Dennison Corp.) C:\Users\Owner\Downloads\Avery Wizard 5.0_20140331.exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe
2014-09-27 17:51 - 2014-09-27 17:51 - 00358176 _____ (3M Company ) C:\Users\Owner\Downloads\3M_MSO2010_Update.exe
2014-09-27 12:29 - 2013-09-09 14:54 - 00833752 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-09-27 12:29 - 2013-09-09 14:54 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-09-27 12:27 - 2014-09-27 12:27 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 ____D () C:\WINDOWS\Options
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-09-27 12:26 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2014-09-27 12:26 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2014-09-27 12:26 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2014-09-27 12:23 - 2014-10-01 22:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\Akamai
2014-09-27 12:23 - 2014-09-27 12:23 - 10552296 _____ (Akamai Technologies, Inc.) C:\Users\Owner\Downloads\AsusInstaller.exe
2014-09-27 12:14 - 2014-09-27 12:14 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Owner\Downloads\setup (2).exe
2014-09-27 12:14 - 2014-09-27 12:14 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Owner\Downloads\setup (1).exe
2014-09-27 12:14 - 2014-09-27 12:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\DriverTuner
2014-09-27 11:57 - 2014-10-03 16:15 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 11:57 - 2014-09-27 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-18 00:37 - 2014-10-03 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ViberPC
2014-09-18 00:37 - 2014-09-18 00:37 - 00001078 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-09-18 00:37 - 2014-09-18 00:37 - 00001070 _____ () C:\Users\Owner\Desktop\Viber.lnk
2014-09-18 00:36 - 2014-10-03 16:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Viber
2014-09-15 15:36 - 2014-09-29 11:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\PDF Annotator
2014-09-15 15:36 - 2014-09-15 15:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Softland
2014-09-15 13:59 - 2014-09-15 13:59 - 00010621 _____ () C:\Users\Owner\Documents\Book1.xlsx
2014-09-14 21:13 - 2014-08-23 03:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 21:13 - 2014-08-23 03:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 21:13 - 2014-08-23 00:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 21:13 - 2014-08-23 00:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 21:13 - 2014-08-23 00:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 21:13 - 2014-07-29 21:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 21:13 - 2014-07-29 01:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 21:12 - 2014-08-23 02:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 21:12 - 2014-08-23 01:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 21:12 - 2014-08-23 00:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 21:12 - 2014-08-23 00:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 21:12 - 2014-07-24 11:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 21:12 - 2014-07-24 11:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 21:12 - 2014-07-24 11:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 21:12 - 2014-07-24 11:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 21:12 - 2014-07-24 11:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 21:12 - 2014-07-24 11:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 21:12 - 2014-07-24 11:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 21:12 - 2014-07-24 11:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 21:12 - 2014-07-24 11:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 21:12 - 2014-07-24 11:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 21:12 - 2014-07-24 11:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 21:12 - 2014-07-24 11:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 21:12 - 2014-07-24 11:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 21:12 - 2014-07-24 11:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 21:12 - 2014-07-24 11:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 21:12 - 2014-07-24 11:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 21:12 - 2014-07-24 11:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 21:12 - 2014-07-24 11:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 21:12 - 2014-07-24 11:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 21:12 - 2014-07-24 11:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 21:12 - 2014-07-24 11:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 21:12 - 2014-07-24 10:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 21:12 - 2014-07-24 10:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 21:12 - 2014-07-24 09:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 21:12 - 2014-07-24 09:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 21:12 - 2014-07-24 09:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 21:12 - 2014-07-24 09:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 21:12 - 2014-07-24 09:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 21:12 - 2014-07-24 09:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 21:12 - 2014-07-24 07:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 21:12 - 2014-07-24 07:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 21:12 - 2014-07-24 07:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 21:12 - 2014-07-24 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 21:12 - 2014-07-24 07:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 21:12 - 2014-07-24 07:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 21:12 - 2014-07-24 07:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 21:12 - 2014-07-24 07:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 21:12 - 2014-07-24 07:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 21:12 - 2014-07-24 07:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 21:12 - 2014-07-24 07:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 21:12 - 2014-07-24 07:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 21:12 - 2014-07-24 07:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 21:12 - 2014-07-24 07:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 21:12 - 2014-07-24 07:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 21:12 - 2014-07-24 07:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 21:12 - 2014-07-24 07:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 21:12 - 2014-07-24 07:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 21:12 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 21:12 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 21:12 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 21:12 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 21:12 - 2014-07-24 06:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 21:12 - 2014-07-24 06:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 21:12 - 2014-07-24 06:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 21:12 - 2014-07-24 06:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 21:12 - 2014-07-24 06:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 21:12 - 2014-07-24 06:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 21:12 - 2014-07-24 06:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 21:12 - 2014-07-24 06:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 21:12 - 2014-07-24 06:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 21:12 - 2014-07-24 06:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 21:12 - 2014-07-24 06:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 21:12 - 2014-07-24 06:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 21:12 - 2014-07-24 06:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 21:12 - 2014-07-24 05:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 21:12 - 2014-07-24 05:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 21:12 - 2014-07-24 05:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 21:12 - 2014-07-24 05:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 21:12 - 2014-07-24 05:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 21:12 - 2014-07-24 05:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 21:12 - 2014-07-24 05:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 21:12 - 2014-07-24 05:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 21:12 - 2014-07-24 05:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 21:12 - 2014-07-24 05:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 21:12 - 2014-07-24 05:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 21:12 - 2014-07-24 05:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 21:12 - 2014-07-24 05:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 21:12 - 2014-07-24 05:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 21:12 - 2014-07-24 05:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 21:12 - 2014-07-24 05:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 21:12 - 2014-07-24 05:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 21:12 - 2014-07-24 05:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 21:12 - 2014-07-24 05:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 21:12 - 2014-07-24 05:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 21:12 - 2014-07-24 05:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 21:12 - 2014-07-24 05:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 21:12 - 2014-07-24 05:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 21:12 - 2014-07-24 05:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 21:12 - 2014-07-24 05:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 21:12 - 2014-07-24 05:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 21:12 - 2014-07-24 05:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 21:12 - 2014-07-24 04:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 21:12 - 2014-07-24 04:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 21:12 - 2014-07-24 04:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 21:12 - 2014-07-24 04:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 21:12 - 2014-07-24 04:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 21:12 - 2014-07-24 04:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 21:12 - 2014-07-24 04:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 21:12 - 2014-07-24 04:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 21:12 - 2014-07-24 04:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 21:12 - 2014-07-24 04:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 21:12 - 2014-07-24 04:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 21:12 - 2014-07-24 04:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 21:12 - 2014-07-24 04:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 21:12 - 2014-07-24 04:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 21:12 - 2014-07-24 04:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 21:12 - 2014-07-24 04:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 21:12 - 2014-07-24 04:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 21:12 - 2014-07-24 04:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 21:12 - 2014-07-24 04:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 21:12 - 2014-07-24 04:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 21:12 - 2014-07-24 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 21:12 - 2014-07-24 04:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 21:12 - 2014-07-24 04:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 21:12 - 2014-07-24 04:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 21:12 - 2014-07-24 04:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 21:12 - 2014-07-24 04:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 21:12 - 2014-07-24 04:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 21:12 - 2014-07-24 04:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 21:12 - 2014-07-24 04:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 21:12 - 2014-07-24 04:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 21:12 - 2014-07-24 04:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 21:12 - 2014-07-24 04:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 21:12 - 2014-07-24 04:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 21:12 - 2014-07-24 04:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 21:12 - 2014-07-24 04:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 21:12 - 2014-07-24 04:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 21:12 - 2014-07-24 04:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 21:12 - 2014-07-24 04:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 21:12 - 2014-07-24 04:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 21:12 - 2014-07-24 04:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 21:12 - 2014-07-24 04:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 21:12 - 2014-07-24 04:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 21:12 - 2014-07-24 04:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 21:12 - 2014-07-24 04:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 21:12 - 2014-07-24 03:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 21:12 - 2014-07-24 03:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 21:12 - 2014-07-24 03:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 21:12 - 2014-07-24 03:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 21:12 - 2014-07-24 03:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 21:12 - 2014-07-24 03:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 21:12 - 2014-07-24 03:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 21:12 - 2014-07-24 03:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 21:12 - 2014-07-24 03:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 21:12 - 2014-07-24 03:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 21:12 - 2014-07-24 03:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 21:12 - 2014-07-24 03:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 21:12 - 2014-07-24 03:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 21:12 - 2014-07-24 03:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 21:12 - 2014-07-24 03:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 21:12 - 2014-07-24 03:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 21:12 - 2014-07-24 03:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 21:12 - 2014-07-24 03:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 21:12 - 2014-07-24 03:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 21:12 - 2014-07-24 00:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 21:12 - 2014-07-24 00:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 21:12 - 2014-07-12 01:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 21:12 - 2014-07-12 01:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 21:12 - 2014-07-12 00:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 21:12 - 2014-07-12 00:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 21:12 - 2014-07-12 00:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 21:12 - 2014-07-09 19:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 21:12 - 2014-07-04 08:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 21:12 - 2014-07-04 06:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 21:12 - 2014-07-04 06:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 21:12 - 2014-07-04 06:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 21:12 - 2014-07-04 06:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 21:12 - 2014-07-04 05:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 21:12 - 2014-07-04 05:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 21:12 - 2014-06-27 02:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 21:12 - 2014-06-25 20:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 21:12 - 2014-06-25 20:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 21:12 - 2014-06-19 19:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 21:12 - 2014-06-18 22:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 21:12 - 2014-06-14 02:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 21:12 - 2014-06-14 01:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 21:12 - 2014-06-07 08:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 21:12 - 2014-06-07 06:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 21:12 - 2014-06-05 10:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 21:12 - 2014-06-05 06:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 21:12 - 2014-06-05 05:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 21:12 - 2014-05-31 01:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 21:12 - 2014-05-31 00:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 21:12 - 2014-05-29 02:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 21:12 - 2014-05-29 01:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 21:12 - 2014-05-29 01:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 21:12 - 2014-05-29 00:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 21:12 - 2014-05-26 03:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 21:12 - 2014-05-10 06:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 21:12 - 2014-05-10 04:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 21:12 - 2014-05-06 00:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 21:12 - 2014-05-05 20:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 21:12 - 2014-03-24 22:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 21:12 - 2014-03-24 22:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 21:12 - 2014-03-24 21:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 21:12 - 2014-03-24 21:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 21:06 - 2014-08-14 20:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-14 14:16 - 2014-09-14 14:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-09-14 14:16 - 2014-09-14 14:16 - 00000000 ____D () C:\ProgramData\Samsung
2014-09-14 14:16 - 2014-09-14 14:16 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-14 14:16 - 2014-05-22 09:22 - 02738496 ____N () C:\WINDOWS\TotalUninstaller.exe
2014-09-14 14:12 - 2014-07-03 00:07 - 00000357 _____ () C:\WINDOWS\system32\usp01l.smt
2014-09-14 14:12 - 2014-04-16 04:22 - 00029184 _____ () C:\WINDOWS\system32\usp01l.dll
2014-09-14 14:12 - 2013-05-10 05:48 - 00162136 _____ () C:\WINDOWS\system32\usp01ci.exe
2014-09-14 14:12 - 2010-10-20 04:46 - 00089600 _____ (SS) C:\WINDOWS\system32\usp01ci.dll
2014-09-14 02:17 - 2014-09-14 02:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-09-14 02:17 - 2014-09-14 02:17 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-09-12 21:17 - 2014-09-12 21:17 - 00001917 _____ () C:\Users\Public\Desktop\XLSTAT 2014.lnk
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 __HDC () C:\ProgramData\{AFFFFE8C-B56A-4E3C-A174-4FBD3E4DA650}
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ADDINSOFT
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Addinsoft
2014-09-12 21:17 - 2014-09-12 21:17 - 00000000 ____D () C:\Program Files\Addinsoft
2014-09-12 11:46 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-12 11:46 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-12 11:46 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-12 11:46 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-12 11:46 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-12 11:46 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-12 11:46 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-12 11:46 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-12 11:46 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-12 11:46 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-12 11:46 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-12 11:46 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-12 11:46 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-12 11:46 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-12 11:46 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-12 11:46 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-12 11:46 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-12 11:46 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-12 11:46 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-12 11:46 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-12 11:46 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-12 11:46 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 11:46 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-12 11:46 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-12 11:46 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-12 11:46 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-12 11:46 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-12 11:46 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-12 11:46 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-12 11:46 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-12 11:46 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-12 11:46 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-12 11:46 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-12 11:46 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-12 11:46 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-12 11:46 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-12 11:46 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-12 01:12 - 2014-09-12 01:12 - 00000000 ____D () C:\0b955d72feda568d4b0d28c1
2014-09-11 23:11 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 23:10 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 23:10 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-11 08:16 - 2014-09-11 08:16 - 00000295 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Homegroup.lnk
2014-09-10 04:19 - 2014-09-10 04:19 - 00013459 _____ () C:\Users\Owner\Documents\Stats pg 87, #15.xlsx
2014-09-09 01:27 - 2014-09-28 10:43 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-09-09 01:27 - 2014-09-09 01:27 - 00001697 _____ () C:\Users\Owner\Desktop\Google Drive.lnk
2014-09-09 01:22 - 2014-09-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-08 02:32 - 2014-09-27 13:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 20:31 - 2014-08-20 21:09 - 01292803 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-04 20:31 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-03 23:53 - 2014-08-22 23:48 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 16:48 - 2014-08-20 21:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3370461647-3336877132-2924935656-1001
2014-10-03 16:15 - 2014-09-03 05:46 - 00000000 __RDO () C:\Users\Owner\OneDrive
2014-10-03 16:15 - 2014-08-22 23:48 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 15:42 - 2014-08-20 21:01 - 00037624 _____ () C:\WINDOWS\PFRO.log
2014-10-03 15:42 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-03 15:42 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-03 15:24 - 2014-09-03 05:46 - 00004956 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC
2014-10-03 09:59 - 2014-08-20 21:12 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-03 09:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-02 20:39 - 2014-08-20 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-10-02 02:17 - 2014-08-24 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-10-01 01:14 - 2014-08-20 21:04 - 00000000 ____D () C:\Users\Owner
2014-09-29 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-29 12:10 - 2014-08-22 23:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-28 00:46 - 2014-08-24 01:07 - 00000000 ____D () C:\ProgramData\Skype
2014-09-28 00:45 - 2014-08-24 01:07 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-28 00:45 - 2014-08-24 01:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-27 17:33 - 2014-08-31 19:12 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-27 16:23 - 2014-08-31 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-09-27 12:29 - 2014-08-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-27 11:57 - 2014-08-22 23:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-24 14:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-23 18:34 - 2013-08-22 10:44 - 00481832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-23 17:26 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-21 16:15 - 2013-08-22 10:46 - 00292986 _____ () C:\WINDOWS\setupact.log
2014-09-19 23:49 - 2014-09-02 03:40 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-09-16 20:58 - 2013-08-22 15:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-16 20:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-16 20:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-16 13:38 - 2014-09-02 03:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-09-16 11:29 - 2014-09-02 03:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-09-16 11:29 - 2014-09-02 03:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-15 18:18 - 2014-08-30 20:06 - 00000000 ____D () C:\Users\Owner\Desktop\Important Docs
2014-09-15 14:15 - 2014-08-31 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 14:14 - 2014-08-31 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-14 14:28 - 2014-08-27 04:08 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-13 16:39 - 2014-09-03 06:07 - 00000000 ____D () C:\Users\Owner\Desktop\Fall 2014
2014-09-12 21:17 - 2013-08-22 09:25 - 00000204 _____ () C:\WINDOWS\win.ini
2014-09-12 11:47 - 2014-08-22 23:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-12 11:47 - 2014-08-22 23:34 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-12 11:47 - 2014-08-22 23:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-12 11:46 - 2014-08-22 23:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-12 11:46 - 2014-08-22 23:34 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-12 11:46 - 2014-08-22 23:34 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-12 11:46 - 2014-08-22 23:34 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-12 11:46 - 2014-08-22 23:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-12 01:15 - 2014-08-30 12:51 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-12 01:12 - 2014-08-23 21:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 04:56 - 2014-08-20 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-09-09 01:18 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-04 10:52 - 2014-08-30 20:14 - 00003096 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3370461647-3336877132-2924935656-1001
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\bitool.dll
C:\Users\Owner\AppData\Local\Temp\dlLogic.exe
C:\Users\Owner\AppData\Local\Temp\dltr.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpen8r58.dll
C:\Users\Owner\AppData\Local\Temp\GCVerifier.dll
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\s2pc.exe
C:\Users\Owner\AppData\Local\Temp\s2rk.exe
C:\Users\Owner\AppData\Local\Temp\s5pg.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\verifier.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-28 11:50
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
Ran by Owner at 2014-10-04 20:54:35
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3M Products Update version 2012-05 for Microsoft Office 2010 (HKLM-x32\...\{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1) (Version:  - 3M Company)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.9 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nalpeiron Service Update to 7.3.5 (HKLM-x32\...\Nalpeiron Service Update to 7.3.5) (Version: 7.3.5 - Nalpeiron)
Nalpeiron Service Update to 7.3.5 (x32 Version: 7.3.5 - Nalpeiron) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Annotator 4.0.0.414 (HKLM-x32\...\PDFAnnotator_is1) (Version: 4.0.0.414 - GRAHL software design)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XLSTAT 2014 (HKLM-x32\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 16.4.09. - Addinsoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3370461647-3336877132-2924935656-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-09-2014 18:12:43 Windows Update
23-09-2014 21:25:04 Windows Update
27-09-2014 16:29:17 Installed Realtek Ethernet Controller Driver
28-09-2014 19:58:01 Installed iTunes
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {025B148B-333D-4024-80A7-C83BE77F20D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19E30186-4F2E-4A4D-84FD-8474C0F96D74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1F153926-24ED-4EE1-9814-41F543E3E3B4} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3527C509-FE5B-44F1-81CC-9FAF72E5D277} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4013FF64-3ADC-44C8-9CEE-6B8178619E19} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {437FB8B6-D99F-4BA9-AB8C-2A4E003D9977} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CA9D706-2C80-4D86-BF93-1C2DA372E58E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {67FD6561-11AB-4747-A52F-51FE50446573} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Owner-PC-Owner Owner-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EB402B3-8F3B-41AE-8949-D2DCBFDE4C46} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A36E4749-D916-4CF8-B870-439AE9C86A96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {AC0CF65E-33AA-4FC3-8641-F7B5D2CDFB3C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {ACF7D1F0-76C2-4058-877D-6D02D6084B8A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B67CF202-5870-444D-9273-7F5AD860B19A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B7F3342D-4217-4138-A92D-0DD67AA5A3A5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software)
Task: {CD77CBCB-0BB1-42C4-A03B-B1B147859721} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3370461647-3336877132-2924935656-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5ACD06D-337D-42D8-A4F3-F07B94B704C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F4A7C1BF-FC7E-4866-9D04-2E6FE41A2F59} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370461647-3336877132-2924935656-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-29 11:32 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2009-08-03 07:48 - 2009-08-03 07:48 - 00027648 _____ () C:\WINDOWS\System32\sso1ml6.dll
2014-09-14 14:12 - 2014-04-16 04:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll
2014-07-27 14:41 - 2014-07-27 14:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 16:02 - 2013-10-01 16:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-18 00:37 - 2014-07-24 13:40 - 00936656 _____ () C:\Users\Owner\AppData\Local\Viber\Viber.exe
2014-08-31 19:11 - 2014-08-31 19:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-03 09:54 - 2014-10-03 09:54 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 00:13 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-27 14:41 - 2014-07-27 14:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 43532288 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libViber.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00770048 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00098304 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\qfacebook.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00172032 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libexif.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00049152 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\libEGL.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00876544 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00024576 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00024576 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00204800 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00221184 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00016384 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00016384 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00311296 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00016384 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00638976 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll
2014-09-18 00:39 - 2014-09-18 00:39 - 00032768 _____ () C:\Users\Owner\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll
2014-09-27 11:57 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-27 11:57 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-27 11:57 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-27 11:57 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-27 11:57 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-08-31 19:11 - 2014-08-31 19:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-27 11:57 - 2014-09-23 00:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Owner\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\StartupFolder: => "TornTvDownloader.lnk"
HKCU\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKCU\...\StartupApproved\Run: => "TornTv Downloader"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3370461647-3336877132-2924935656-500 - Administrator - Disabled)
Guest (S-1-5-21-3370461647-3336877132-2924935656-501 - Limited - Enabled) => C:\Users\Guest
Owner (S-1-5-21-3370461647-3336877132-2924935656-1001 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2014 08:41:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
 
Error: (10/04/2014 00:25:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062
 
Error: (10/04/2014 00:25:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062
 
Error: (10/04/2014 00:25:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 11:25:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35047
 
Error: (10/03/2014 11:25:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35047
 
Error: (10/03/2014 11:25:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 11:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8141
 
Error: (10/03/2014 11:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8141
 
Error: (10/03/2014 11:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (10/03/2014 03:42:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Torntv Downloader service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (10/04/2014 08:41:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
 
Error: (10/04/2014 00:25:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062
 
Error: (10/04/2014 00:25:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062
 
Error: (10/04/2014 00:25:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 11:25:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35047
 
Error: (10/03/2014 11:25:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35047
 
Error: (10/03/2014 11:25:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 11:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8141
 
Error: (10/03/2014 11:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8141
 
Error: (10/03/2014 11:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-31 19:11:05.611
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:05.077
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-08-31 19:11:00.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 8077.53 MB
Available physical RAM: 5783.29 MB
Total Pagefile: 9357.53 MB
Available Pagefile: 6378.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:687.03 GB) (Free:644.21 GB) NTFS
Drive e: (DATA) (Fixed) (Total:244.14 GB) (Free:235.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98629B49)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Malwarebytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/4/2014
Scan Time: 8:31:51 PM
Logfile: malwareNew.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.04.04
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354839
Time Elapsed: 11 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [8034c54b621ae84e6f19296a778b33cd], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [8034c54b621ae84e6f19296a778b33cd], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 13
PUP.Optional.Multiplug, C:\Users\Owner\AppData\Local\Temp\s5pg.exe, , [8034c54b621ae84e6f19296a778b33cd], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\verifier.exe, , [b8fc21ef84f847ef24c2a79b936d8878], 
PUP.Optional.Multiplug, C:\Users\Owner\AppData\Local\Temp\s2pc.exe, , [8c28010f730961d5e1ae9228956cd52b], 
PUP.Optional.Multiplug, C:\Users\Owner\AppData\Local\Temp\s2rk.exe, , [caea8c841963ee48e8a7932705fc0cf4], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\GCVerifier.dll, , [981c38d8a0dc55e1cf15024048b8f709], 
PUP.Optional.Somoto, C:\Users\Owner\AppData\Local\Temp\bitool.dll, , [cce81bf579037eb8a90cc4a00bf7da26], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\dlLogic.exe, , [3b796ca493e9b3830dd8093920e0c63a], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\dltr.exe, , [f3c1967a601c1e180dd989b9fc041be5], 
PUP.Optional.Somoto, C:\Users\Owner\AppData\Local\Temp\nsfC529.tmp, , [10a4c44c9be1f145ea13802caf52e31d], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nsu8414.tmp\embededstub.exe, , [e5cf34dccab24ee8f5f0043ea65ac63a], 
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\DTLite4491-0356.exe, , [e5cf060ac5b72c0a1a0240f82bdaa65a], 
Trojan.Agent.ED, C:\Users\Owner\Downloads\ATKPackage_Win7_64_Z100020.zip, , [d2e2040cafcd15219ef522a817ea16ea], 
PUP.Optional.TornTV.A, C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk, , [9b195eb2dd9f7abc29bbd836e91ac838], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 05 October 2014 - 06:46 PM

Hello, Realmage13. Thank you for your logs.
 
Please run the following fix.
 
Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

  • Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
  • Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64.  You can use your mouse to drag it in place.
 

Start
CloseProcesses:

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
HKCU\...\StartupApproved\Run: => "TornTv Downloader"
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe
2014-09-08 02:32 - 2014-09-27 13:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent

Hosts:
EmptyTemp:
end

 
NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.

  • Run FRST / FRST64, press the Fix button once and wait.
  • When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.



#11 Realmage13

Realmage13

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 05 October 2014 - 08:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
Ran by Owner at 2014-10-05 21:57:43 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
 
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe (No File)
HKCU\...\StartupApproved\Run: => "TornTv Downloader"
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe
2014-09-27 17:58 - 2014-09-27 17:58 - 01035696 _____ (Ask.com) C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe
2014-09-08 02:32 - 2014-09-27 13:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
 
Hosts:
EmptyTemp:
end
*****************
 
Processes closed successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk not found.
C:\Users\Owner\AppData\Roaming\TornTV.com\Torntv Downloader.exe not found.
HKCU\...\StartupApproved\Run: => "TornTv Downloader" => Error: No automatic fix found for this entry.
C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe => Moved successfully.
C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe => Moved successfully.
C:\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 793.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#12 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 06 October 2014 - 11:31 AM

Hello, Realmage13. Thank you for the fixlog. I would like you to check a few areas to ensure TornTV is not lingering anywhere.
 
Please perform the following tasks
 
1.  Uninstall Unwanted Programs
 
To uninstall TornTV program(s):
Please open the Control Panel:  Press the Windows key + r (Win Key + r) > Type Control Panel > Click OK.

  • When the Control Panel window opens, click on Programs > Programs and Features.
  • Look through the list of programs for the one that you would like to uninstall, and then left-click on it once to highlight it.
  • Click on the Uninstall button.
  • When asked if you are sure you want to uninstall, click Yes.
  • The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
  • Uninstall any other program(s) that you are no longer using.
  • When finished, close the Programs and Features screen.

2.  Remove Add-ons/Extensions from Browsers
 
If TornTV appears in any of your browsers, continue as follows:
 
For Internet Explorer:

  • Open Internet Explorer.
  • Click Tools > Manage Add-ons.
  • In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
  • Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
  • Highlight the extension (TornTV) you wish to remove, and select Disable.
  • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
  • Click Close to exit the Manage Add-ons window.

For Firefox:

  • Open Firefox.
  • Click the menu button (3 bars icon) > Add-ons.
  • In the Add-ons window, select Extensions.
  • Click to highlight the extension (TornTV) you wish to remove and select Disable.  If you want to delete an extension entirely, click Remove.
  • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
  • Exit the Add-ons Manager window, and restart Firefox to complete the process.

For Google Chrome:

  • Open Google Chrome.
  • Click the menu button (3 bars icon).
  • Click Tools > Select Extensions to open the Options tab.
  • Uncheck Enabled to disable an extension, or click the trash can icon to remove the extension (TornTV)  completely. > Click Remove.

Please run the following scan
 
ESET Online Scanner


Note:

  • Disable any antivirus program and antispyware programs to avoid conflicts.
  • Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
  • Please do not surf the internet while your security programs are disabled.
  • Let the scan run uninterrupted to avoid a stall.
  • Remember to enable your security programs when the scan has finished.

Run ESET Online Scanner from HERE.

  •   Click the blue Run ESET Online Scanner button.
  •   Read the End User License Agreement and check the box YES, I accept the Terms of Use.
  •   Click on the Start button next to it.
  •   If prompted, allow the Add-On/Active X to install.

Under Computer scan settings:

  •   Do not check Remove found threats.
  •   Check Scan Archives.
  •   Click Advanced settings and select the following:
    •   Scan potentially unwanted applications
    •   Scan for potentially unsafe applications
    •   Enable Anti-Stealth technology
  •   Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient  as this scan could take up to a few hours to complete.
  •   Wait for the scan to finish. When the scan completes, click List of found threats.
  •   Click Export and save the file to your desktop using a unique name, such as ESETScan.
  •   Copy and paste the contents of this report in your next reply.
  •   Click the Back button.
  •   Click the Finish button.

Checklist:  In your next reply, please post the following:

  • ESET log
  • Let me know how your computer is running now.

 



#13 Realmage13

Realmage13

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 07 October 2014 - 07:58 PM

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\VOPackage\runasu.exe.vir a variant of Win32/VOPackage.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/VOPackage.W potentially unwanted application deleted - quarantined
C:\Users\Owner\AppData\Local\nsq494C.tmp Win32/AnyProtect.F potentially unwanted application deleted - quarantined
 
 
Logs ^^
 
And the computer is running fine now. No complaints
Thank you SO much for your assistance :clap:  :banana:  :banana:


#14 Realmage13

Realmage13

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 07 October 2014 - 08:48 PM

I just realized that I forgot to check the advanced settings for the "do not remove"

... Whoops?

 

This is what the second scan showed.

 

C:\FRST\Quarantine\C\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Owner\Downloads\Avery Wizard 5.0_20140331.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11.zip a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11\KMSnano.exe a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application


#15 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 08 October 2014 - 07:13 AM

Hello, Realmage13.

 

Thank you for your ESET logs.  We have a few more entries to delete.

 

Please run the following Fix

 

Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

  • Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
  • Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64.  You can use your mouse to drag it in place.

start
CloseProcesses: 

C:\Users\Owner\Downloads\Avery Wizard 5.0_20140331.exe
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11.zip
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11\KMSnano.exe

DeleteQuarantine:
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.

  • Run FRST / FRST64, press the Fix button once and wait.
  • When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.
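
The cross-check behind the fixlist in post #15, as an added example that is not part of the original thread and is not ESET's or FRST's code: it parses the ESET lines from post #14, skips copies under the tools' quarantine folders and items the scanner already removed, and reports any remaining detection whose path is missing from the fixlist. The log line shape and the names `parse_detections` and `uncovered` are assumptions based only on the logs shown in this thread.

```python
import re

# Constructed inputs: the second ESET scan (post #14) and the fixlist
# (post #15), copied from this thread.
ESET_LOG = r"""C:\FRST\Quarantine\C\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (1).exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_ (2).exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\Downloads\OffercastInstaller_AVR_l-1757-us0-addrs-lbl-10psht_.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Owner\Downloads\Avery Wizard 5.0_20140331.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11.zip a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11\KMSnano.exe a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application
"""
FIXLIST = r"""start
CloseProcesses:

C:\Users\Owner\Downloads\Avery Wizard 5.0_20140331.exe
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11.zip
E:\Microsoft Office ProPlus 2013 VL EN\LaNanov11\KMSnano.exe

DeleteQuarantine:
Hosts:
EmptyTemp:
End
"""

# Assumption: one detection per line, shaped as in this thread's logs:
# <path> [a variant of] <Platform/Name> potentially <kind> application [action]
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?(?P<name>\w+/\S+)\s+"
    r"potentially (?:unwanted|unsafe) application(?:\s+(?P<action>.+))?$")
# Tool quarantine folders that appear in this thread's logs.
QUARANTINE = ("c:\\frst\\quarantine\\", "c:\\adwcleaner\\quarantine\\")

def parse_detections(log):
    """Return (path, detection name, action or None) for each log line."""
    hits = (DETECTION.match(line.strip()) for line in log.splitlines())
    return [(m["path"], m["name"], m["action"]) for m in hits if m]

def uncovered(log, fixlist):
    """Live detections (not quarantined copies, not already removed by the
    scanner) whose path is missing from the fixlist."""
    listed = {entry.strip().lower() for entry in fixlist.splitlines()}
    return [path for path, _name, action in parse_detections(log)
            if not path.lower().startswith(QUARANTINE)
            and action is None
            and path.lower() not in listed]

print(uncovered(ESET_LOG, FIXLIST))  # paths still needing a fixlist entry
```
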

 

 

