
Please help me remove Platypus

Discussion in 'Virus & Other Malware Removal' started by Savysarah, Nov 15, 2014.

  1. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 2
    RAM: 4043 Mb
    Graphics Card: Intel(R) HD Graphics Family, 1797 Mb
    Hard Drives: C: Total - 289746 MB, Free - 215322 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: Microsoft Security Essentials, Updated and Enabled

    Hi, I removed a lot of malware from my laptop. I'm having trouble getting rid of something called Playtopus. Could you please help me remove this and any other risky items on my laptop?
    Thank you,
    SS
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Hi SavySarah,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    If any problems with the instructions, please let me know.

    askey127
     
  3. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    Askey 127,

    Thank you for the response. At the moment I'm not able to download and run. I'm being redirected to update other things along with a message saying these other things are a "phishing scam". Running Malwarebytes as we speak to see if some kind of malware is causing the issue. If you have another idea, please let me know!
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Savysarah,
    Try downloading any of the following programs and running it (they are all the same with different names)
    Running Rkill may enable you to download FRST64 as we want.
    ------------------------------------------------
    Download and Run Rkill
    Please download and run the tool named Rkill, which may help in allowing other programs to run.
    There are different versions with different names. If one of them won't run, then download and try to run one of the other ones.
    After the download, Vista and Win7 users will need to right click the icon and choose Run as Administrator. XP Users can just double-click.
    You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shut down your antivirus.
    Please download Rkill from one of the following links (note the different names) and save to your Desktop:
    iExplore.exe
    Rkill.exe
    eXplorer.exe
    RKill.com
    RKill.scr
    Rkill.pif
    uSeRiNiT.exe
    • Double-click on the iExplore, Rkill, eXplorer, or uSeRiNiT desktop icon to run the tool. (If using Vista or Windows 7, right-click on it and choose Run As Administrator.)
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
    • If it doesn't run on the first try, please try to run it another two or three times.
    • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided after trying each a few times, please let me know.

    -----------------------------------------------------------
    If Rkill ran successfully, you may be able to download FRST64 now.
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  5. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    I keep getting popups which are preventing me from downloading anything. Ex.: the page at b1.yaqcpx.com says: warning!!! Your Java Version is Outdated, Have Security Risks, Please updat now. And also: the page at www.webstered.com says: Microsoft Detected Security Error due to suspicious Activity found on your computer. Contact Microsoft certified professionals live at 1-855-403-6030.
    These messages prevent me from doing anything, as they either pop up or change the webpage.
     
  6. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    I was able to download frst64 in safe mode. Couldn't open to desktop but pinned to start menu? I'm scanning now.
     
  7. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
    Ran by Owner (administrator) on OWNER-PC on 19-11-2014 13:41:42
    Running from C:\Users\Owner\Downloads
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-09] (Facebook Inc.)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [35239488 2013-06-20] (ooVoo LLC)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\MountPoints2: {cbee90d5-4e59-11e2-88cb-00266c0259fb} - E:\ToolLauncher-Bootstrap.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    ProxyServer: [S-1-5-21-3864113847-1275663227-2447566729-1000] => http=127.0.0.1:51178;https=127.0.0.1:51178
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {80CF0A7F-779F-47D5-BA16-21A6FEE8B5EF} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20130729,19890,0,25,0
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {DDCF7E72-19B1-45F7-8D78-1042C22893DF} URL = http://start.mysearchdial.com/resul...tGyEzzyCyBtAyDtAtB0CyCtCtA2Q&cr=1368404805&ir=
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog9 01 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 02 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 03 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 04 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 15 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF Plugin HKU\S-1-5-21-3864113847-1275663227-2447566729-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
    CHR Extension: (WowCoupon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfbefhckglpbigjbdakndihnigilmfoo [2014-11-13]
    CHR HKLM-x32\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx [2013-06-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-14] () [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-19 13:41 - 2014-11-19 13:42 - 00015976 _____ () C:\Users\Owner\Downloads\FRST.txt
    2014-11-19 13:37 - 2014-11-19 13:41 - 00000000 ____D () C:\FRST
    2014-11-19 13:37 - 2014-11-19 13:37 - 02117120 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-11-19 13:32 - 2014-11-19 13:32 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (4).exe
    2014-11-19 13:32 - 2014-11-19 13:32 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
    2014-11-19 12:45 - 2014-11-19 12:45 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (3).exe
    2014-11-19 12:43 - 2014-11-19 12:43 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (2).exe
    2014-11-19 12:29 - 2014-11-19 12:30 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (1).exe
    2014-11-19 12:25 - 2014-11-19 12:25 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup.exe
    2014-11-15 11:14 - 2014-11-15 11:14 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (3).exe
    2014-11-15 11:10 - 2014-11-15 11:10 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (2).exe
    2014-11-15 01:41 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
    2014-11-15 01:41 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
    2014-11-14 16:46 - 2014-11-14 16:47 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
    2014-11-14 16:26 - 2014-11-14 16:26 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo.exe
    2014-11-14 16:26 - 2014-11-14 16:26 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (1).exe
    2014-11-14 15:17 - 2014-11-14 15:17 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\sh-remover.exe
    2014-11-14 13:56 - 2014-11-14 13:56 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-11-14 13:56 - 2014-11-14 13:56 - 00001945 _____ () C:\windows\epplauncher.mif
    2014-11-14 13:56 - 2014-11-14 13:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-11-14 13:56 - 2014-11-14 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-11-14 13:48 - 2014-11-14 13:49 - 14087848 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (1).exe
    2014-11-14 13:34 - 2014-11-14 13:34 - 14087848 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2014-11-14 13:31 - 2014-11-14 13:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
    2014-11-14 13:30 - 2014-11-14 13:30 - 00000000 ____D () C:\ProgramData\Oracle
    2014-11-14 13:29 - 2014-11-14 13:29 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-11-14 13:29 - 2014-11-14 13:29 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-14 13:29 - 2014-11-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-11-14 12:14 - 2014-11-14 12:14 - 00000004 _____ () C:\Users\Owner\AppData\Roaming\appdataFr2.bin
    2014-11-14 11:42 - 2014-11-14 11:42 - 00001068 _____ () C:\malware bites.txt
    2014-11-14 11:18 - 2014-11-18 15:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-14 11:18 - 2014-11-14 11:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-14 11:18 - 2014-11-14 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-14 11:18 - 2014-11-14 11:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-14 11:18 - 2014-11-14 11:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-14 11:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-14 11:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-14 11:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-14 11:14 - 2014-11-14 11:15 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-14 09:55 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-14 09:55 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-14 09:55 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-14 09:55 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-14 09:55 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-14 09:55 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-14 09:55 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-14 09:55 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-14 09:55 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-14 09:55 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-14 09:55 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-14 09:55 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-14 09:55 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-14 09:55 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-14 09:55 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-14 09:55 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-14 09:55 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-14 09:55 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-14 09:55 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-14 09:55 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-14 09:55 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-14 09:55 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-14 09:55 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-14 09:55 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-14 09:55 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-14 09:55 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-14 09:55 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-14 09:55 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-14 09:55 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-14 09:55 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-14 09:55 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-14 09:55 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-14 09:55 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-14 09:55 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-14 09:55 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-14 09:55 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-14 09:55 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-14 09:55 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-14 09:55 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-14 09:55 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-14 09:55 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-14 09:55 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-14 09:55 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-14 09:55 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-14 09:55 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-14 09:55 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-14 09:55 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-14 09:55 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-14 09:55 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-14 09:55 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-14 09:55 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-14 09:55 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-14 09:55 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-14 09:55 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-14 09:55 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-14 09:55 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-14 09:55 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-14 09:55 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-14 09:55 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-13 08:42 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-13 08:42 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-13 08:42 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-13 08:42 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-13 08:42 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-13 08:42 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-13 08:42 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-13 08:42 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-13 08:42 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-13 08:32 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-13 08:32 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-13 08:32 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-13 08:32 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-13 08:32 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-13 08:32 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-13 08:31 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-13 08:31 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-13 08:31 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-13 08:31 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-13 08:31 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-13 08:31 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-13 08:31 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-13 08:31 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-13 08:31 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-13 08:30 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-13 08:30 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-13 08:30 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
    2014-11-13 08:30 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
    2014-11-13 08:29 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
    2014-11-13 08:29 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
    2014-11-13 08:27 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
    2014-11-13 08:27 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
    2014-11-13 08:27 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
    2014-11-13 08:27 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
    2014-11-13 08:26 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
    2014-11-13 08:26 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
    2014-11-13 08:26 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-11-13 08:26 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-11-13 08:18 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-11-13 08:18 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-11-13 08:18 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-11-13 08:18 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
    2014-11-13 08:18 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
    2014-11-13 08:18 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
    2014-11-13 08:18 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2014-11-13 08:18 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
    2014-11-13 08:18 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
    2014-11-13 08:18 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
    2014-11-13 08:18 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
    2014-11-07 23:28 - 2014-11-07 23:28 - 00613012 _____ (CMI Limited) C:\Users\Owner\AppData\Local\nsyAC28.tmp
    2014-11-07 23:28 - 2014-11-07 23:28 - 00000000 __SHD () C:\Users\Owner\AppData\Roaming\AnyProtectEx
    2014-11-07 23:17 - 2014-11-14 12:06 - 00000000 ____D () C:\ProgramData\b6e31346-5839-4cca-ab24-0578c508b4f4
    2014-10-28 21:46 - 2014-10-28 21:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol

    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-19 13:27 - 2012-12-04 09:22 - 01228471 _____ () C:\windows\WindowsUpdate.log
    2014-11-19 13:25 - 2012-12-04 09:55 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 13:12 - 2013-03-25 21:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-19 13:04 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 13:04 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 12:58 - 2012-12-04 09:55 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 12:53 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-19 12:53 - 2009-07-13 22:51 - 00046056 _____ () C:\windows\setupact.log
    2014-11-19 12:24 - 2009-07-13 23:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-19 12:21 - 2013-05-09 19:52 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000UA.job
    2014-11-18 22:20 - 2013-05-09 19:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000Core.job
    2014-11-18 15:13 - 2012-12-25 20:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
    2014-11-15 11:21 - 2012-12-04 10:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-11-15 10:22 - 2012-12-04 10:17 - 00086160 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-15 10:20 - 2009-07-13 22:45 - 00342328 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-15 10:19 - 2010-11-20 21:47 - 00904910 _____ () C:\windows\PFRO.log
    2014-11-15 10:17 - 2014-07-03 14:58 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-15 10:08 - 2013-04-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-15 09:38 - 2013-01-02 16:20 - 00776078 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-11-15 09:33 - 2013-08-28 19:14 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-14 15:16 - 2014-08-30 06:06 - 00000000 ____D () C:\Program Files (x86)\Web Protect
    2014-11-14 14:26 - 2012-12-04 10:01 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-14 14:24 - 2013-06-02 09:51 - 00000000 ____D () C:\ProgramData\Symantec
    2014-11-14 13:32 - 2011-10-30 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-14 13:29 - 2011-10-30 20:29 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-11-14 13:29 - 2011-10-30 20:29 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-11-14 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-11-14 11:43 - 2009-07-13 20:34 - 00000505 _____ () C:\windows\win.ini
    2014-11-14 11:42 - 2014-09-07 17:53 - 00000000 ____D () C:\ProgramData\SaaleuseMagnet
    2014-11-14 11:42 - 2014-08-04 21:12 - 00000000 ____D () C:\ProgramData\QueiEnuCoupOun
    2014-11-14 11:42 - 2014-05-23 22:57 - 00000000 ____D () C:\ProgramData\PrinccECoupon
    2014-11-14 11:42 - 2014-04-02 14:51 - 00000000 ____D () C:\ProgramData\ClicekoFiorSalae
    2014-11-14 11:42 - 2014-03-30 16:57 - 00000000 ____D () C:\ProgramData\FFlexiblESShoppper
    2014-11-14 11:42 - 2014-03-05 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FlvPlayer
    2014-11-14 09:49 - 2014-09-16 18:37 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP3.job
    2014-11-14 09:49 - 2014-09-16 18:37 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP2.job
    2014-11-14 09:49 - 2014-09-16 18:37 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP1.job
    2014-11-14 09:29 - 2014-03-05 14:06 - 00000144 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2014-11-13 08:38 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
    2014-11-13 08:25 - 2014-03-30 16:57 - 00000000 ____D () C:\ProgramData\a3fe5dd15e7d5c67
    2014-11-13 08:13 - 2013-03-25 21:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-13 08:12 - 2014-10-17 22:19 - 17926832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-13 08:12 - 2013-03-25 21:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-13 08:12 - 2011-10-30 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-12 18:30 - 2014-03-07 17:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
    2014-11-07 23:29 - 2014-09-16 18:37 - 00002830 _____ () C:\windows\System32\Tasks\APSnotifierPP3
    2014-11-07 23:29 - 2014-09-16 18:37 - 00002830 _____ () C:\windows\System32\Tasks\APSnotifierPP2
    2014-11-07 23:29 - 2014-09-16 18:37 - 00002830 _____ () C:\windows\System32\Tasks\APSnotifierPP1
    2014-11-07 23:27 - 2013-05-14 15:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-11-07 23:24 - 2014-09-16 18:37 - 00001072 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.quick.results
    2014-11-07 23:24 - 2014-09-16 18:37 - 00000314 _____ () C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
    2014-11-07 23:24 - 2014-09-16 18:37 - 00000000 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.results
    2014-10-31 23:26 - 2012-12-04 11:57 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-10-28 21:41 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
    C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
    C:\Users\Owner\AppData\Local\Temp\highjlh0.dll
    C:\Users\Owner\AppData\Local\Temp\IEHistory.exe
    C:\Users\Owner\AppData\Local\Temp\InstalledPrograms.exe
    C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
    C:\Users\Owner\AppData\Local\Temp\offercast.exe
    C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
    C:\Users\Owner\AppData\Local\Temp\post1.exe
    C:\Users\Owner\AppData\Local\Temp\post2.dll
    C:\Users\Owner\AppData\Local\Temp\post2.exe
    C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
    C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
    C:\Users\Owner\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_17067.exe

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-11-13 08:06
    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
    Ran by Owner (administrator) on OWNER-PC on 19-11-2014 13:41:42
    Running from C:\Users\Owner\Downloads
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-09] (Facebook Inc.)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [35239488 2013-06-20] (ooVoo LLC)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\MountPoints2: {cbee90d5-4e59-11e2-88cb-00266c0259fb} - E:\ToolLauncher-Bootstrap.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    ProxyServer: [S-1-5-21-3864113847-1275663227-2447566729-1000] => http=127.0.0.1:51178;https=127.0.0.1:51178
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {80CF0A7F-779F-47D5-BA16-21A6FEE8B5EF} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20130729,19890,0,25,0
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {DDCF7E72-19B1-45F7-8D78-1042C22893DF} URL = http://start.mysearchdial.com/resul...tGyEzzyCyBtAyDtAtB0CyCtCtA2Q&cr=1368404805&ir=
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog9 01 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 02 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 03 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 04 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9 15 C:\windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
    Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF Plugin HKU\S-1-5-21-3864113847-1275663227-2447566729-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
    CHR Extension: (WowCoupon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfbefhckglpbigjbdakndihnigilmfoo [2014-11-13]
    CHR HKLM-x32\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx [2013-06-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-14] () [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-19 13:41 - 2014-11-19 13:42 - 00015976 _____ () C:\Users\Owner\Downloads\FRST.txt
    2014-11-19 13:37 - 2014-11-19 13:41 - 00000000 ____D () C:\FRST
    2014-11-19 13:37 - 2014-11-19 13:37 - 02117120 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-11-19 13:32 - 2014-11-19 13:32 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (4).exe
    2014-11-19 13:32 - 2014-11-19 13:32 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
    2014-11-19 12:45 - 2014-11-19 12:45 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (3).exe
    2014-11-19 12:43 - 2014-11-19 12:43 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (2).exe
    2014-11-19 12:29 - 2014-11-19 12:30 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup (1).exe
    2014-11-19 12:25 - 2014-11-19 12:25 - 00384888 _____ (Premium Installer ) C:\Users\Owner\Downloads\setup.exe
    2014-11-15 11:14 - 2014-11-15 11:14 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (3).exe
    2014-11-15 11:10 - 2014-11-15 11:10 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (2).exe
    2014-11-15 01:41 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
    2014-11-15 01:41 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
    2014-11-14 16:46 - 2014-11-14 16:47 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
    2014-11-14 16:26 - 2014-11-14 16:26 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo.exe
    2014-11-14 16:26 - 2014-11-14 16:26 - 00509440 _____ (Tech Support Guy System) C:\Users\Owner\Downloads\SysInfo (1).exe
    2014-11-14 15:17 - 2014-11-14 15:17 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\sh-remover.exe
    2014-11-14 13:56 - 2014-11-14 13:56 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-11-14 13:56 - 2014-11-14 13:56 - 00001945 _____ () C:\windows\epplauncher.mif
    2014-11-14 13:56 - 2014-11-14 13:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-11-14 13:56 - 2014-11-14 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-11-14 13:48 - 2014-11-14 13:49 - 14087848 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (1).exe
    2014-11-14 13:34 - 2014-11-14 13:34 - 14087848 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2014-11-14 13:31 - 2014-11-14 13:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
    2014-11-14 13:30 - 2014-11-14 13:30 - 00000000 ____D () C:\ProgramData\Oracle
    2014-11-14 13:29 - 2014-11-14 13:29 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-11-14 13:29 - 2014-11-14 13:29 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-14 13:29 - 2014-11-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-11-14 12:14 - 2014-11-14 12:14 - 00000004 _____ () C:\Users\Owner\AppData\Roaming\appdataFr2.bin
    2014-11-14 11:42 - 2014-11-14 11:42 - 00001068 _____ () C:\malware bites.txt
    2014-11-14 11:18 - 2014-11-18 15:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-14 11:18 - 2014-11-14 11:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-14 11:18 - 2014-11-14 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-14 11:18 - 2014-11-14 11:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-14 11:18 - 2014-11-14 11:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-14 11:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-14 11:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-14 11:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-14 11:14 - 2014-11-14 11:15 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-14 09:55 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-14 09:55 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-14 09:55 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-14 09:55 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-14 09:55 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-14 09:55 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-14 09:55 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-14 09:55 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-14 09:55 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-14 09:55 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-14 09:55 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-14 09:55 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-14 09:55 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-14 09:55 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-14 09:55 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-14 09:55 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-14 09:55 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-14 09:55 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-14 09:55 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-14 09:55 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-14 09:55 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-14 09:55 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-14 09:55 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-14 09:55 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-14 09:55 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-14 09:55 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-14 09:55 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-14 09:55 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-14 09:55 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-14 09:55 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-14 09:55 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-14 09:55 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-14 09:55 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-14 09:55 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-14 09:55 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-14 09:55 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-14 09:55 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-14 09:55 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-14 09:55 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-14 09:55 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-14 09:55 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-14 09:55 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-14 09:55 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-14 09:55 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-14 09:55 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-14 09:55 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-14 09:55 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-14 09:55 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-14 09:55 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-14 09:55 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-14 09:55 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-14 09:55 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-14 09:55 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-14 09:55 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-14 09:55 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-14 09:55 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-14 09:55 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-14 09:55 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-14 09:55 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-13 08:42 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-13 08:42 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-13 08:42 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-13 08:42 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-13 08:42 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-13 08:42 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-13 08:42 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-13 08:42 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-13 08:42 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-13 08:32 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-13 08:32 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-13 08:32 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-13 08:32 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-13 08:32 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-13 08:32 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-13 08:32 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-13 08:32 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-13 08:31 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-13 08:31 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-13 08:31 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-13 08:31 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-13 08:31 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-13 08:31 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-13 08:31 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-13 08:31 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-13 08:31 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-13 08:31 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-13 08:30 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-13 08:30 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-13 08:30 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
    2014-11-13 08:30 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
    2014-11-13 08:29 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
    2014-11-13 08:29 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
    2014-11-13 08:28 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
    2014-11-13 08:27 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
    2014-11-13 08:27 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
    2014-11-13 08:27 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
    2014-11-13 08:27 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
    2014-11-13 08:27 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
    2014-11-13 08:27 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
    2014-11-13 08:26 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
    2014-11-13 08:26 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
    2014-11-13 08:26 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-11-13 08:26 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-11-13 08:18 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-11-13 08:18 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-11-13 08:18 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-11-13 08:18 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
    2014-11-13 08:18 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
    2014-11-13 08:18 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
    2014-11-13 08:18 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2014-11-13 08:18 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
    2014-11-13 08:18 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
    2014-11-13 08:18 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
    2014-11-13 08:18 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
    2014-11-07 23:28 - 2014-11-07 23:28 - 00613012 _____ (CMI Limited) C:\Users\Owner\AppData\Local\nsyAC28.tmp
    2014-11-07 23:28 - 2014-11-07 23:28 - 00000000 __SHD () C:\Users\Owner\AppData\Roaming\AnyProtectEx
    2014-11-07 23:17 - 2014-11-14 12:06 - 00000000 ____D () C:\ProgramData\b6e31346-5839-4cca-ab24-0578c508b4f4
    2014-10-28 21:46 - 2014-10-28 21:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-19 13:27 - 2012-12-04 09:22 - 01228471 _____ () C:\windows\WindowsUpdate.log
    2014-11-19 13:25 - 2012-12-04 09:55 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 13:12 - 2013-03-25 21:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-19 13:04 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 13:04 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 12:58 - 2012-12-04 09:55 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 12:53 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-19 12:53 - 2009-07-13 22:51 - 00046056 _____ () C:\windows\setupact.log
    2014-11-19 12:24 - 2009-07-13 23:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-19 12:21 - 2013-05-09 19:52 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000UA.job
    2014-11-18 22:20 - 2013-05-09 19:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000Core.job
    2014-11-18 15:13 - 2012-12-25 20:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
    2014-11-15 11:21 - 2012-12-04 10:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-11-15 10:22 - 2012-12-04 10:17 - 00086160 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-15 10:20 - 2009-07-13 22:45 - 00342328 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-15 10:19 - 2010-11-20 21:47 - 00904910 _____ () C:\windows\PFRO.log
    2014-11-15 10:17 - 2014-07-03 14:58 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-15 10:08 - 2013-04-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-15 09:38 - 2013-01-02 16:20 - 00776078 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-11-15 09:33 - 2013-08-28 19:14 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-14 15:16 - 2014-08-30 06:06 - 00000000 ____D () C:\Program Files (x86)\Web Protect
    2014-11-14 14:26 - 2012-12-04 10:01 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-14 14:24 - 2013-06-02 09:51 - 00000000 ____D () C:\ProgramData\Symantec
    2014-11-14 13:32 - 2011-10-30 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-14 13:29 - 2011-10-30 20:29 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-11-14 13:29 - 2011-10-30 20:29 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-11-14 12:50 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-11-14 11:43 - 2009-07-13 20:34 - 00000505 _____ () C:\windows\win.ini
    2014-11-14 11:42 - 2014-09-07 17:53 - 00000000 ____D () C:\ProgramData\SaaleuseMagnet
    2014-11-14 11:42 - 2014-08-04 21:12 - 00000000 ____D () C:\ProgramData\QueiEnuCoupOun
    2014-11-14 11:42 - 2014-05-23 22:57 - 00000000 ____D () C:\ProgramData\PrinccECoupon
    2014-11-14 11:42 - 2014-04-02 14:51 - 00000000 ____D () C:\ProgramData\ClicekoFiorSalae
    2014-11-14 11:42 - 2014-03-30 16:57 - 00000000 ____D () C:\ProgramData\FFlexiblESShoppper
    2014-11-14 11:42 - 2014-03-05 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FlvPlayer
    2014-11-14 09:49 - 2014-09-16 18:37 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP3.job
    2014-11-14 09:49 - 2014-09-16 18:37 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP2.job
    2014-11-14 09:49 - 2014-09-16 18:37 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP1.job
    2014-11-14 09:29 - 2014-03-05 14:06 - 00000144 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2014-11-13 08:38 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
    2014-11-13 08:25 - 2014-03-30 16:57 - 00000000 ____D () C:\ProgramData\a3fe5dd15e7d5c67
    2014-11-13 08:13 - 2013-03-25 21:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-13 08:12 - 2014-10-17 22:19 - 17926832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-13 08:12 - 2013-03-25 21:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-13 08:12 - 2011-10-30 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-12 18:30 - 2014-03-07 17:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
    2014-11-07 23:29 - 2014-09-16 18:37 - 00002830 _____ () C:\windows\System32\Tasks\APSnotifierPP3
    2014-11-07 23:29 - 2014-09-16 18:37 - 00002830 _____ () C:\windows\System32\Tasks\APSnotifierPP2
    2014-11-07 23:29 - 2014-09-16 18:37 - 00002830 _____ () C:\windows\System32\Tasks\APSnotifierPP1
    2014-11-07 23:27 - 2013-05-14 15:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-11-07 23:24 - 2014-09-16 18:37 - 00001072 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.quick.results
    2014-11-07 23:24 - 2014-09-16 18:37 - 00000314 _____ () C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
    2014-11-07 23:24 - 2014-09-16 18:37 - 00000000 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.results
    2014-10-31 23:26 - 2012-12-04 11:57 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-10-28 21:41 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
    C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
    C:\Users\Owner\AppData\Local\Temp\highjlh0.dll
    C:\Users\Owner\AppData\Local\Temp\IEHistory.exe
    C:\Users\Owner\AppData\Local\Temp\InstalledPrograms.exe
    C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
    C:\Users\Owner\AppData\Local\Temp\offercast.exe
    C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
    C:\Users\Owner\AppData\Local\Temp\post1.exe
    C:\Users\Owner\AppData\Local\Temp\post2.dll
    C:\Users\Owner\AppData\Local\Temp\post2.exe
    C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
    C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
    C:\Users\Owner\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_17067.exe

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-11-13 08:06
    ==================== End Of Log ============================
     
  8. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    By the way, I could not download this in safe mode in Google Chrome, but I was able to in Internet Explorer.
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Savysarah,
    Glad you got it to run.
    Please go here:
    C:\Users\Owner\Downloads
    That's where you have saved FRST64.exe
    You posted FRST.txt twice.
    I need to see the contents of addition.txt which is in the same folder.
    Then we can remove some unwanted stuff.
    (By the way, you have an experimental, non-standard version of Chrome).
    We will do something about it next round.
    Thanks.
    askey127
     
  10. Savysarah

    Savysarah Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
    Ran by Owner at 2014-11-19 13:43:01
    Running from C:\Users\Owner\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.53 - Conexant)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FlvPlayer (HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\FlvPlayer) (Version: ${VERSION} - ) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    [email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9041 - ooVoo LLC.)
    Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-006A-76A7-A758B70C0100}) (Version: 12.1.0.313 - Ask Partner Network)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Playtopus (HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Playtopus) (Version: - Playtopus)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points =========================
    18-11-2014 21:33:37 Windows Update
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {11A30E72-3F06-4494-BBC2-09C2344BF55A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-09] (Facebook Inc.)
    Task: {1C2236AF-9882-4403-AA9D-E21F255F72B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-09] (Facebook Inc.)
    Task: {7D38943D-29A4-4188-B13F-AE6E990037D9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)
    Task: {A15D27F2-4E3C-4195-8B01-074A7B2C2A45} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {A7927C57-6F18-4A85-8048-DBCDA75FFB68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
    Task: {AB1B5CA1-9AE1-45F8-9C1B-588948567EFD} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {AEF65493-A90C-40FD-B036-FA9BE32F5EBD} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {B5A1B633-BA44-49E8-A900-FF68FCB23DFB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {CF675938-730B-4906-94B5-DCDFBE61561A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
    Task: {DFB93C51-119E-474C-BEE0-AB601BB3FF91} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3864113847-1275663227-2447566729-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============

    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================
    Administrator (S-1-5-21-3864113847-1275663227-2447566729-500 - Administrator - Disabled)
    Guest (S-1-5-21-3864113847-1275663227-2447566729-501 - Limited - Disabled)
    Owner (S-1-5-21-3864113847-1275663227-2447566729-1000 - Administrator - Enabled) => C:\Users\Owner
    ==================== Faulty Device Manager Devices =============
    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (11/19/2014 01:29:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/19/2014 01:25:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)
    Error: (11/19/2014 00:54:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/19/2014 00:23:34 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)
    Error: (11/18/2014 03:16:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: fc4
    Start Time: 01d00374d8bcf125
    Termination Time: 10
    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    Report Id: 23c44869-6f68-11e4-bc7a-00266c0259fb
    Error: (11/15/2014 10:22:42 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)
    Error: (11/15/2014 10:21:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.OracleClient, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed.
    .
    Error: (11/15/2014 10:21:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Messaging, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .
    Error: (11/15/2014 10:21:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .
    Error: (11/15/2014 10:21:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization.Formatters.Soap, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    System errors:
    =============
    Error: (11/19/2014 01:28:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068
    Error: (11/19/2014 01:28:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068
    Error: (11/19/2014 01:28:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068
    Error: (11/19/2014 01:28:22 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
    Error: (11/19/2014 01:28:22 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    Error: (11/19/2014 01:28:19 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
    Error: (11/19/2014 01:28:14 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
    Error: (11/19/2014 01:28:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    discache
    MpFilter
    spldr
    Wanarpv6
    Error: (11/19/2014 01:28:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
    %%1068
    Error: (11/19/2014 01:27:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
    %%31

    Microsoft Office Sessions:
    =========================
    Error: (11/19/2014 01:29:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/19/2014 01:25:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)
    Error: (11/19/2014 00:54:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/19/2014 00:23:34 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)
    Error: (11/18/2014 03:16:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711fc401d00374d8bcf12510C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe23c44869-6f68-11e4-bc7a-00266c0259fb
    Error: (11/15/2014 10:22:42 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)
    Error: (11/15/2014 10:21:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.OracleClient, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed.
    .
    Error: (11/15/2014 10:21:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Messaging, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .
    Error: (11/15/2014 10:21:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .
    Error: (11/15/2014 10:21:43 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization.Formatters.Soap, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-18 15:55:21.444
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-18 15:55:21.263
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-18 15:51:40.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-18 15:19:52.253
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-18 15:19:52.073
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-18 15:19:51.893
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-15 09:29:30.464
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-15 09:29:30.246
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-15 09:29:30.043
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-14 15:29:50.956
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
    Percentage of memory in use: 17%
    Total physical RAM: 4043.86 MB
    Available physical RAM: 3340.6 MB
    Total Pagefile: 8085.9 MB
    Available Pagefile: 7410.71 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
    ==================== Drives ================================
    Drive c: (TI106321W0B) (Fixed) (Total:282.96 GB) (Free:217.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: F6D08253)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
    ==================== End Of Log ============================
     
  11. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    Hope that last one was the correct one.
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Savysarah,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    FlvPlayer
    Java 7 Update 71
    ooVoo
    Oovoo Toolbar
    Yahoo! Toolbar
    Playtopus

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Download Folder, same place as FRST64.
    NOTE. It's important that both the program FRST64.exe, and Fixlist.txt be in the same location, or the fix will not work.

    Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    There does appear to be a problem with a driver file on your system.
    It could be part of the problem. We will get at it.

    askey127
     

    Attached Files:

  13. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    Uninstalled FlvPlayer and Yahoo toolbar. The others gave me this message:
    The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly Installed. Contact your support personnel for assistance.

    I then did a restart (out of safe mode)

    When I ran a Fix with FRST, I went to look for it and got this message:
    No fix list.txt found.
    The fix list.txt should be in the same folder/directory the tool is located.

    But I can't find it.
     
  14. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    Ah ha!! I'm just now seeing the fix list download!! On your post. I apologize- I'm working with my iPhone and did not see the download. :-0
     
  15. Savysarah

    Savysarah Thread Starter

    Joined:
    Nov 15, 2014
    Messages:
    20
    I'm confused as I only created a shortcut to desktop for the FRST64 tool. Anyway, I downloaded the fixlist.txt and ran the FRST64 from the download folder. Here is the fixlog it created in download folder:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
    Ran by Owner at 2014-11-19 22:25:46 Run:1
    Running from C:\Users\Owner\Downloads
    Loaded Profile: Owner (Available profiles: Owner)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    Task: {AB1B5CA1-9AE1-45F8-9C1B-588948567EFD} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {AEF65493-A90C-40FD-B036-FA9BE32F5EBD} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    C:\Program Files (x86)\AnyProtectEx
    Task: {DFB93C51-119E-474C-BEE0-AB601BB3FF91} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [35239488 2013-06-20] (ooVoo LLC)
    C:\Program Files (x86)\ooVoo
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {80CF0A7F-779F-47D5-BA16-21A6FEE8B5EF} URL = http://search.yahoo.com/search?p={se...9,19890,0,25,0
    SearchScopes: HKU\S-1-5-21-3864113847-1275663227-2447566729-1000 -> {DDCF7E72-19B1-45F7-8D78-1042C22893DF} URL = http://start.mysearchdial.com/result...=1368404805&ir=
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    CHR dev: Chrome dev build detected! <======= ATTENTION
    2014-11-07 23:28 - 2014-11-07 23:28 - 00000000 __SHD () C:\Users\Owner\AppData\Roaming\AnyProtectEx
    2014-11-14 11:42 - 2014-03-05 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FlvPlayer
    2014-11-07 23:24 - 2014-09-16 18:37 - 00001072 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.quick.results
    2014-11-07 23:24 - 2014-09-16 18:37 - 00000314 _____ () C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
    2014-11-07 23:24 - 2014-09-16 18:37 - 00000000 _____ () C:\Users\Owner\AppData\Roaming\aps.scan.results
    *****************
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB1B5CA1-9AE1-45F8-9C1B-588948567EFD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB1B5CA1-9AE1-45F8-9C1B-588948567EFD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEF65493-A90C-40FD-B036-FA9BE32F5EBD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEF65493-A90C-40FD-B036-FA9BE32F5EBD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
    "C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB93C51-119E-474C-BEE0-AB601BB3FF91}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB93C51-119E-474C-BEE0-AB601BB3FF91}" => Key deleted successfully.
    C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
    C:\windows\Tasks\APSnotifierPP1.job => Moved successfully.
    C:\windows\Tasks\APSnotifierPP2.job => Moved successfully.
    C:\windows\Tasks\APSnotifierPP3.job => Moved successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ooVoo.exe => value deleted successfully.
    C:\Program Files (x86)\ooVoo => Moved successfully.
    C:\windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80CF0A7F-779F-47D5-BA16-21A6FEE8B5EF}" => Key deleted successfully.
    "HKCR\CLSID\{80CF0A7F-779F-47D5-BA16-21A6FEE8B5EF}" => Key not found.
    "HKU\S-1-5-21-3864113847-1275663227-2447566729-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DDCF7E72-19B1-45F7-8D78-1042C22893DF}" => Key deleted successfully.
    "HKCR\CLSID\{DDCF7E72-19B1-45F7-8D78-1042C22893DF}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
    "HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
    "HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
    CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
    C:\Users\Owner\AppData\Roaming\AnyProtectEx => Moved successfully.
    "C:\Users\Owner\AppData\Roaming\FlvPlayer" => File/Directory not found.
    C:\Users\Owner\AppData\Roaming\aps.scan.quick.results => Moved successfully.
    C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results => Moved successfully.
    C:\Users\Owner\AppData\Roaming\aps.scan.results => Moved successfully.

    The system needed a reboot.
    ==== End of Fixlog ====
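
An added example, not part of the thread and not FRST's own code: a small triage script for a Fixlog like the one above, which skips the echoed fixlist and reports which entries were removed, were already absent, or still need manual follow-up. The category names and function names are assumptions made for this sketch; the sample lines are an excerpt of the log posted above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines taken from the thread, shortened).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
*****************
C:\windows\Tasks\APSnotifierPP1.job => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCR\CLSID\{80CF0A7F-779F-47D5-BA16-21A6FEE8B5EF}" => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.

The system needed a reboot.
==== End of Fixlog ====
'''

# First matching rule wins; category names are this sketch's own, not FRST terms.
RULES = [
    ("unresolved", re.compile(r"^Error", re.I)),
    ("absent", re.compile(r"not found\.?$", re.I)),
    ("removed", re.compile(r"(deleted|moved) successfully\.?$", re.I)),
]

def parse_fixlog(text):
    """Return (results, reboot_needed); results holds (target, outcome, category)."""
    results, stars, reboot = [], 0, False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:
            stars += 1  # the echoed fixlist sits between two rows of asterisks
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if line == "The system needed a reboot.":
            reboot = True
        if stars < 2 or " => " not in line:
            continue  # header, fixlist echo (its Task lines also contain " => ") or blank
        target, outcome = line.rsplit(" => ", 1)  # split on the last arrow only
        category = next((c for c, rx in RULES if rx.search(outcome)), "other")
        results.append((target.strip('"'), outcome, category))
    return results, reboot

def summarize(text):
    """Count outcomes and list targets that were not handled automatically."""
    results, reboot = parse_fixlog(text)
    counts = Counter(cat for _, _, cat in results)
    follow_up = [t for t, _, cat in results if cat in ("unresolved", "other")]
    return counts, follow_up, reboot
```

Entries reported as absent usually mean an earlier uninstall already removed the item; the follow-up list is what still needs a manual look.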
     
Short URL to this thread: https://techguy.org/1137415
