astromenda virus


ElaineP

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014
Ran by Elaine at 2014-09-04 18:59:44
Running from C:\Users\Elaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SCVJFT7
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Astromenda (HKCU\...\Astromenda) (Version: 31.0.1650.23 - Astromenda)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CouponXplorer Internet Explorer Toolbar (HKLM\...\CouponXplorer_5zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FreeSoftToday 025.235 (HKLM\...\fst_us_235_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Knctr (HKLM\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 7.0 (HKLM\...\{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}) (Version: 7.0.260.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Elaine (administrator) on ELAINE-PC on 04-09-2014 19:01:19
Running from C:\Users\Elaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SCVJFT7
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Elaine\AppData\Local\fst_us_235\upfst_us_235.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fried Cookie Ltd.) C:\Users\Elaine\AppData\Local\Astromenda\Application\astromenda.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Fried Cookie Ltd.) C:\Users\Elaine\AppData\Local\Astromenda\Application\astromenda.exe
(Fried Cookie Ltd.) C:\Users\Elaine\AppData\Local\Astromenda\Application\astromenda.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1468296 2009-05-26] (Microsoft Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe                    -,Äb Ä€û                                                         
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [fst_us_235] => "C:\Program Files\fst_us_235\fst_us_235.exe"
HKLM\...\Run: [AnyProtect Scanner] => "C:\Program Files\AnyProtectEx\AnyProtect.exe"
HKLM\...\RunOnce: [upfst_us_235.exe] => C:\Users\Elaine\AppData\Local\fst_us_235\upfst_us_235.exe [3339256 2014-08-27] ()
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-03] (Google Inc.)
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\Run: [GoogleChromeAutoLaunch_D032621EE3F97F302FCACE89EABFEDD5] => C:\Users\Elaine\AppData\Local\Astromenda\Application\astromenda.exe [750080 2014-07-23] (Fried Cookie Ltd.)
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\MountPoints2: {9d985463-cc65-11e0-8d67-00266c3443a4} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\MountPoints2: {cef66d92-69aa-11e0-b619-00266c3443a4} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\MountPoints2: {cf770905-7c88-11e0-a538-00266c3443a4} - E:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-779674808-260475982-4367784-1001\...\MountPoints2: {fccf986b-f7b4-11e3-88bb-00266c3443a4} - E:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - (No Name) - {2c1e21b5-5666-4cd5-8152-96b690b7216e} -  No File
URLSearchHook: HKCU - (No Name) - {2c1e21b5-5666-4cd5-8152-96b690b7216e} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {19666DE9-B572-4A98-96D4-77D2EE047A38} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2394708
SearchScopes: HKCU - {1FECBD67-99BF-4BD0-9316-ED5E05668BAB} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=egames3_1yach&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82695&iwk=322&lng=en
SearchScopes: HKCU - {E08A9998-D98F-476f-8F5C-37C80FE0A4DA} URL = http://search.yahoo.com/search?fr=chr-ober&type=pogo&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {2C1E21B5-5666-4CD5-8152-96B690B7216E} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {2D922B81-34C7-4AAB-9C5D-433E79FC9445} -  No File
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default
FF DefaultSearchEngine: Mysearchdial
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*.local"
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Elaine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\searchplugins\my-homepage.xml
FF SearchPlugin: C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\searchplugins\SearchTheWeb.xml
FF Extension: My Scrap Nook - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\12ffxtbr@MyScrapNook_12.com [2012-10-12]
FF Extension: CouponXplorer - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\5zffxtbr@CouponXplorer_5z.com [2013-12-11]
FF Extension: Shop to Win 26 - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\{0a934dfe-a784-dab4-6183-34ef94090411} [2012-01-25]
FF Extension: No Name - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013-12-30]
FF Extension: MySearchDial NewTab - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-01]
FF Extension: IMinent Toolbar - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012-01-26]
FF Extension: Boost - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ut246z8e.default\Extensions\boost@boost.net.xpi [2014-09-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com [2012-01-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-04]
FF HKCU\...\Firefox\Extensions: [{5b6d4488-b907-46a5-b794-0910b199d629}] - C:\Program Files\ViewPassword\136.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-search.net/?s=E91zadku2,52876dca-dc48-4780-860b-6aabf9702f24,
CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E91zadku2,52876dca-dc48-4780-860b-6aabf9702f24,"
CHR DefaultSearchKeyword: Default -> www-search.net
CHR DefaultSearchProvider: Default -> Search
CHR CustomProfile: C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-01]
CHR Extension: (Google Wallet) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR HKLM\...\Chrome\Extension: [gdajbhgjikacgjmhlaelpmljbelkmbdg] - C:\Users\Elaine\AppData\Local\CRE\gdajbhgjikacgjmhlaelpmljbelkmbdg.crx []
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\Elaine\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [gdajbhgjikacgjmhlaelpmljbelkmbdg] - C:\Users\Elaine\AppData\Local\CRE\gdajbhgjikacgjmhlaelpmljbelkmbdg.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\Elaine\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [2012-01-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 MSSQL$XACTWARE; c:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 SQLAgent$XACTWARE; c:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 SWDUMon; C:\windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-05] ()
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
R1 {e6ca9971-30ed-444a-9489-82fca50b2062}w; C:\windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}w.sys [52360 2014-08-30] (StdLib)
R1 {fe651286-52a1-461b-a17a-f258b4b81968}w; C:\windows\System32\drivers\{fe651286-52a1-461b-a17a-f258b4b81968}w.sys [52416 2014-08-29] (StdLib)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 18:58 - 2014-09-04 19:01 - 00000000 ____D () C:\FRST
2014-09-04 18:57 - 2014-09-04 18:57 - 01096704 _____ (Farbar) C:\Users\Elaine\Downloads\FRST.exe
2014-09-04 13:56 - 2014-09-04 15:53 - 00001105 _____ () C:\Users\Elaine\Desktop\Continue Live Installation.lnk
2014-09-04 10:33 - 2014-09-04 13:24 - 00000364 _____ () C:\windows\Tasks\APSnotifierPP3.job
2014-09-04 10:32 - 2014-09-04 13:24 - 00000364 _____ () C:\windows\Tasks\APSnotifierPP2.job
2014-09-04 10:32 - 2014-09-04 11:16 - 00000366 _____ () C:\windows\Tasks\APSnotifierPP1.job
2014-09-04 10:32 - 2014-09-04 10:32 - 00575544 _____ (ClickMeIn Limited) C:\Users\Elaine\AppData\Local\nseB93.tmp
2014-09-04 10:20 - 2014-09-04 10:21 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Astromenda
2014-09-04 10:20 - 2014-09-04 10:20 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astromenda
2014-09-03 23:04 - 2014-09-03 23:04 - 00000000 ____D () C:\Program Files\predm
2014-09-02 15:15 - 2014-09-02 15:16 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Smartbar
2014-09-02 13:42 - 2014-09-04 09:28 - 00000000 ____D () C:\Users\Elaine\Documents\ProPCCleaner
2014-09-02 13:41 - 2014-09-04 10:05 - 00000000 ____D () C:\Program Files\Pro PC Cleaner
2014-09-02 13:40 - 2014-09-02 13:40 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Pro PC Cleaner
2014-09-02 12:45 - 2014-09-02 12:45 - 00000000 ____D () C:\Users\Elaine\AppData\Local\IsolatedStorage
2014-09-02 12:43 - 2014-09-02 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2014-09-02 12:43 - 2014-09-02 12:43 - 00000000 ____D () C:\Program Files\Earth Networks
2014-09-02 12:41 - 2014-09-04 10:05 - 00000000 ___DC () C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-09-02 12:40 - 2014-09-04 10:06 - 00000000 ____D () C:\Program Files\PennyBee
2014-09-01 12:02 - 2014-09-01 12:02 - 00631728 _____ (ClickMeIn Limited) C:\Users\Elaine\AppData\Local\nsc28A8.tmp
2014-09-01 11:41 - 2014-09-04 13:36 - 00000318 _____ () C:\Users\Elaine\AppData\Roaming\aps.uninstall.scan.results
2014-09-01 11:41 - 2014-09-01 11:41 - 00575544 _____ (ClickMeIn Limited) C:\Users\Elaine\AppData\Local\nspCE08.tmp
2014-09-01 11:40 - 2014-09-04 10:05 - 00000000 ____D () C:\Program Files\System Optimizer Pro
2014-09-01 11:39 - 2014-09-04 10:06 - 00000000 ____D () C:\Program Files\V-bates
2014-09-01 11:37 - 2014-08-30 04:19 - 00052360 _____ (StdLib) C:\windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}w.sys
2014-09-01 11:33 - 2014-09-04 18:46 - 00000000 ____D () C:\Users\Elaine\AppData\Local\fst_us_235
2014-09-01 11:33 - 2014-09-04 18:28 - 00000000 ____D () C:\Program Files\fst_us_235
2014-09-01 11:33 - 2014-09-04 15:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-01 11:33 - 2014-09-01 11:33 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-01 11:32 - 2014-09-04 15:15 - 00000000 ____D () C:\Program Files\App Bud
2014-09-01 11:32 - 2014-09-04 10:04 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-01 11:32 - 2014-09-04 10:04 - 00000000 ____D () C:\Program Files\COMODO
2014-09-01 11:31 - 2014-09-04 15:41 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Systweak
2014-09-01 11:31 - 2014-08-05 19:14 - 00018280 _____ () C:\windows\system32\roboot.exe
2014-09-01 11:14 - 2014-09-04 13:44 - 00000000 ____D () C:\Users\Elaine\Documents\Business-in-a-Box Files
2014-09-01 10:43 - 2014-09-04 16:49 - 00000000 ____D () C:\Program Files\globalUpdate
2014-09-01 10:43 - 2014-09-01 10:43 - 00000000 ____D () C:\Users\Elaine\AppData\Local\globalUpdate
2014-09-01 10:42 - 2014-09-04 15:42 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-09-01 10:42 - 2014-09-01 10:42 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-09-01 10:41 - 2014-09-01 10:41 - 00000000 ____D () C:\Users\Elaine\AppData\Local\CrashRpt
2014-08-30 20:33 - 2014-08-30 20:34 - 00000000 ____D () C:\Users\Elaine\AppData\Local\iWesoft
2014-08-30 20:26 - 2014-08-29 18:08 - 00052416 _____ (StdLib) C:\windows\system32\Drivers\{fe651286-52a1-461b-a17a-f258b4b81968}w.sys
2014-08-30 20:25 - 2014-08-30 20:25 - 00000000 ____D () C:\Program Files\Instagram Downloader
2014-08-30 20:21 - 2014-08-30 20:21 - 03998208 _____ (iWesoft) C:\Users\Elaine\Downloads\InstagramDownloader_setup.exe
2014-08-30 20:20 - 2014-09-04 15:44 - 00000000 ____D () C:\Program Files\neurowise
2014-08-30 20:20 - 2014-08-30 20:20 - 00000000 ____D () C:\Users\Elaine\AppData\Local\SearchProtect
2014-08-30 20:19 - 2014-09-04 10:04 - 00000000 ____D () C:\Program Files\SearchProtect
2014-08-27 13:36 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 13:36 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 11:11 - 2014-08-26 11:11 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Adobe
2014-08-21 11:54 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 11:54 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 11:54 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 11:54 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 11:54 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-21 11:54 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 11:54 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 11:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 11:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-20 10:55 - 2014-08-20 10:55 - 00001724 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-20 10:55 - 2014-08-20 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 10:54 - 2014-08-20 10:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-20 10:54 - 2014-08-20 10:55 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 10:11 - 2014-08-20 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-13 22:42 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-13 22:42 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-13 22:42 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-13 22:42 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-13 08:12 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 08:12 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 08:12 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 08:12 - 2014-07-25 09:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 08:12 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 08:12 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 08:12 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 08:12 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 08:12 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 08:12 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 08:12 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 08:12 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 08:12 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 08:12 - 2014-07-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 08:12 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 08:12 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 08:12 - 2014-07-25 07:59 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:12 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 08:12 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:12 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 08:12 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 08:12 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 08:12 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 08:12 - 2014-07-25 07:09 - 00663040 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 08:12 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 08:12 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 08:12 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 08:12 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 08:12 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 08:12 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 08:12 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 08:12 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 08:12 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:12 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-08-13 08:12 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-08-13 08:11 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-13 08:11 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-13 08:11 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 08:11 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 08:11 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 08:11 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 08:11 - 2014-07-08 21:29 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 08:11 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 08:11 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 08:11 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 08:11 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 08:11 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 08:11 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-06 12:48 - 2014-08-08 11:36 - 00000504 _____ () C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Electronics, Cars, Fashion, Collectibles, Coupons and More  eBay.website
2014-08-06 11:30 - 2014-08-06 18:45 - 00013312 _____ () C:\Users\Elaine\Documents\new invoice 8 14 A to Z.wps
2014-08-06 10:13 - 2014-08-06 10:21 - 00000000 _____ () C:\Users\Elaine\AppData\Roaming\bibstats
2014-08-06 10:12 - 2011-03-21 11:14 - 00080136 _____ () C:\Users\Elaine\Desktop\Licensee Oriented Software License Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00676048 _____ () C:\Users\Elaine\Desktop\Marketing Plan.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00282344 _____ () C:\Users\Elaine\Desktop\Management Audit.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00210648 _____ () C:\Users\Elaine\Desktop\Proposal for Services.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00192712 _____ () C:\Users\Elaine\Desktop\Sales Proposal.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00190184 _____ () C:\Users\Elaine\Desktop\Sublease.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00151248 _____ () C:\Users\Elaine\Desktop\Profit Sharing Plan.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00148216 _____ () C:\Users\Elaine\Desktop\Lease Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00115008 _____ () C:\Users\Elaine\Desktop\Shareholders Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00092960 _____ () C:\Users\Elaine\Desktop\Software Development and Consulting Services Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00090376 _____ () C:\Users\Elaine\Desktop\Service Level Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00086752 _____ () C:\Users\Elaine\Desktop\Partnership Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00077104 _____ () C:\Users\Elaine\Desktop\Minutes of Meeting_Master.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00074000 _____ () C:\Users\Elaine\Desktop\Property Management Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00073008 _____ () C:\Users\Elaine\Desktop\Trademark License Agreement_For Software.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00071392 _____ () C:\Users\Elaine\Desktop\Joint Venture Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00067320 _____ () C:\Users\Elaine\Desktop\Mutual Non-Disclosure Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00065808 _____ () C:\Users\Elaine\Desktop\Stock Subscription Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00064760 _____ () C:\Users\Elaine\Desktop\Sales Agency Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00064712 _____ () C:\Users\Elaine\Desktop\Market Study Outline.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00063232 _____ () C:\Users\Elaine\Desktop\Separation and Release Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00062248 _____ () C:\Users\Elaine\Desktop\Web Content Partnership Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00062216 _____ () C:\Users\Elaine\Desktop\Website Linking Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00050408 _____ () C:\Users\Elaine\Desktop\Mortgage.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00043296 _____ () C:\Users\Elaine\Desktop\Press Release_Company Has Reached a Milestone.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00043288 _____ () C:\Users\Elaine\Desktop\Telecommuting Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00042760 _____ () C:\Users\Elaine\Desktop\Stock Purchase Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00042200 _____ () C:\Users\Elaine\Desktop\Term Sheet.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00041200 _____ () C:\Users\Elaine\Desktop\Subcontract Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00039176 _____ () C:\Users\Elaine\Desktop\Promissory Note.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00038640 _____ () C:\Users\Elaine\Desktop\Loan Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00036064 _____ () C:\Users\Elaine\Desktop\Wire Transfer Instructions Form.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00035040 _____ () C:\Users\Elaine\Desktop\Request Bank to Stop-Payment.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00034048 _____ () C:\Users\Elaine\Desktop\Visitors Non-Disclosure Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00034024 _____ () C:\Users\Elaine\Desktop\Severance Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00033608 _____ () C:\Users\Elaine\Desktop\Pre-Incorporation Agreement.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00033520 _____ () C:\Users\Elaine\Desktop\Request for Reference.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00033048 _____ () C:\Users\Elaine\Desktop\Revocation of Guaranty.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00033040 _____ () C:\Users\Elaine\Desktop\Personal Recommendation and Reference.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00031984 _____ () C:\Users\Elaine\Desktop\Request for Proposal.btd
2014-08-06 10:12 - 2010-04-30 11:35 - 00029920 _____ () C:\Users\Elaine\Desktop\Retainer for Attorney.btd
2014-08-05 20:36 - 2014-08-07 16:33 - 00000416 _____ () C:\Users\Elaine\AppData\Roaming\wklnhst.dat
2014-08-05 20:36 - 2014-08-06 09:41 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Template
2014-08-05 20:23 - 2014-08-05 20:23 - 00046122 _____ () C:\Users\Elaine\Downloads\TS010377326.dotx
2014-08-05 20:23 - 2014-08-05 20:23 - 00046122 _____ () C:\Users\Elaine\Downloads\TS010377326 (1).dotx
2014-08-05 15:56 - 2014-08-05 15:56 - 31891592 _____ (Microsoft Corporation) C:\Users\Elaine\Downloads\EIE11_EN-US_MSN_WIN7 (2).EXE
2014-08-05 15:56 - 2014-08-05 15:56 - 31891592 _____ (Microsoft Corporation) C:\Users\Elaine\Downloads\EIE11_EN-US_MSN_WIN7 (1).EXE
2014-08-05 15:55 - 2014-08-05 15:56 - 31891592 _____ (Microsoft Corporation) C:\Users\Elaine\Downloads\EIE11_EN-US_MSN_WIN7.EXE
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 19:01 - 2014-09-04 18:58 - 00000000 ____D () C:\FRST
2014-09-04 18:57 - 2014-09-04 18:57 - 01096704 _____ (Farbar) C:\Users\Elaine\Downloads\FRST.exe
2014-09-04 18:56 - 2010-02-05 19:34 - 00000000 ____D () C:\Users\Elaine\AppData\Local\CrashDumps
2014-09-04 18:50 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 18:50 - 2009-07-14 00:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 18:46 - 2014-09-01 11:33 - 00000000 ____D () C:\Users\Elaine\AppData\Local\fst_us_235
2014-09-04 18:46 - 2009-11-19 21:23 - 01414064 _____ () C:\windows\WindowsUpdate.log
2014-09-04 18:46 - 2009-09-03 21:09 - 00879918 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-04 18:42 - 2010-01-31 10:34 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 18:42 - 2009-09-03 21:31 - 01544832 _____ () C:\windows\PFRO.log
2014-09-04 18:42 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-04 18:42 - 2009-07-14 00:39 - 00214705 _____ () C:\windows\setupact.log
2014-09-04 18:29 - 2014-01-01 18:29 - 00000306 _____ () C:\windows\Tasks\UpdaterEX.job
2014-09-04 18:28 - 2014-09-01 11:33 - 00000000 ____D () C:\Program Files\fst_us_235
2014-09-04 18:11 - 2010-01-31 10:34 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 18:10 - 2012-04-03 12:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 17:55 - 2011-10-14 18:03 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-779674808-260475982-4367784-1001UA.job
2014-09-04 16:49 - 2014-09-01 10:43 - 00000000 ____D () C:\Program Files\globalUpdate
2014-09-04 16:01 - 2010-04-20 17:30 - 00000000 ____D () C:\Program Files\egames
2014-09-04 15:53 - 2014-09-04 13:56 - 00001105 _____ () C:\Users\Elaine\Desktop\Continue Live Installation.lnk
2014-09-04 15:49 - 2014-09-01 11:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-04 15:44 - 2014-08-30 20:20 - 00000000 ____D () C:\Program Files\neurowise
2014-09-04 15:42 - 2014-09-01 10:42 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-09-04 15:42 - 2013-06-08 08:42 - 00001346 _____ () C:\Users\Elaine\Desktop\Internet Explorer.lnk
2014-09-04 15:41 - 2014-09-01 11:31 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Systweak
2014-09-04 15:38 - 2014-06-23 14:06 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\WildTangent
2014-09-04 15:38 - 2014-06-23 14:06 - 00000000 ____D () C:\Program Files\WildTangent Games
2014-09-04 15:38 - 2009-09-03 21:13 - 00000000 ____D () C:\ProgramData\WildTangent
2014-09-04 15:38 - 2009-07-14 00:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-04 15:31 - 2009-07-13 22:04 - 00000601 _____ () C:\windows\win.ini
2014-09-04 15:15 - 2014-09-01 11:32 - 00000000 ____D () C:\Program Files\App Bud
2014-09-04 15:15 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-04 13:52 - 2013-08-19 13:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-04 13:52 - 2009-09-03 21:20 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-04 13:44 - 2014-09-01 11:14 - 00000000 ____D () C:\Users\Elaine\Documents\Business-in-a-Box Files
2014-09-04 13:36 - 2014-09-01 11:41 - 00000318 _____ () C:\Users\Elaine\AppData\Roaming\aps.uninstall.scan.results
2014-09-04 13:24 - 2014-09-04 10:33 - 00000364 _____ () C:\windows\Tasks\APSnotifierPP3.job
2014-09-04 13:24 - 2014-09-04 10:32 - 00000364 _____ () C:\windows\Tasks\APSnotifierPP2.job
2014-09-04 11:16 - 2014-09-04 10:32 - 00000366 _____ () C:\windows\Tasks\APSnotifierPP1.job
2014-09-04 10:34 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\NDF
2014-09-04 10:32 - 2014-09-04 10:32 - 00575544 _____ (ClickMeIn Limited) C:\Users\Elaine\AppData\Local\nseB93.tmp
2014-09-04 10:21 - 2014-09-04 10:20 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Astromenda
2014-09-04 10:20 - 2014-09-04 10:20 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astromenda
2014-09-04 10:08 - 2009-12-16 22:42 - 00000000 ____D () C:\Users\Elaine
2014-09-04 10:06 - 2014-09-02 12:40 - 00000000 ____D () C:\Program Files\PennyBee
2014-09-04 10:06 - 2014-09-01 11:39 - 00000000 ____D () C:\Program Files\V-bates
2014-09-04 10:06 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\system32\wfp
2014-09-04 10:05 - 2014-09-02 13:41 - 00000000 ____D () C:\Program Files\Pro PC Cleaner
2014-09-04 10:05 - 2014-09-02 12:41 - 00000000 ___DC () C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-09-04 10:05 - 2014-09-01 11:40 - 00000000 ____D () C:\Program Files\System Optimizer Pro
2014-09-04 10:05 - 2013-01-03 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerClaim
2014-09-04 10:05 - 2012-02-22 11:24 - 00000000 ____D () C:\Program Files\Conduit
2014-09-04 10:05 - 2011-11-30 13:18 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Conduit
2014-09-04 10:05 - 2010-02-23 19:08 - 00000000 ____D () C:\Users\Guest
2014-09-04 10:05 - 2009-11-19 21:27 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-09-04 10:04 - 2014-09-01 11:32 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-04 10:04 - 2014-09-01 11:32 - 00000000 ____D () C:\Program Files\COMODO
2014-09-04 10:04 - 2014-08-30 20:19 - 00000000 ____D () C:\Program Files\SearchProtect
2014-09-04 10:04 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\registration
2014-09-04 09:28 - 2014-09-02 13:42 - 00000000 ____D () C:\Users\Elaine\Documents\ProPCCleaner
2014-09-03 23:04 - 2014-09-03 23:04 - 00000000 ____D () C:\Program Files\predm
2014-09-02 15:16 - 2014-09-02 15:15 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Smartbar
2014-09-02 14:49 - 2014-09-02 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2014-09-02 13:40 - 2014-09-02 13:40 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Pro PC Cleaner
2014-09-02 12:45 - 2014-09-02 12:45 - 00000000 ____D () C:\Users\Elaine\AppData\Local\IsolatedStorage
2014-09-02 12:43 - 2014-09-02 12:43 - 00000000 ____D () C:\Program Files\Earth Networks
2014-09-01 12:02 - 2014-09-01 12:02 - 00631728 _____ (ClickMeIn Limited) C:\Users\Elaine\AppData\Local\nsc28A8.tmp
2014-09-01 11:41 - 2014-09-01 11:41 - 00575544 _____ (ClickMeIn Limited) C:\Users\Elaine\AppData\Local\nspCE08.tmp
2014-09-01 11:33 - 2014-09-01 11:33 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-01 10:43 - 2014-09-01 10:43 - 00000000 ____D () C:\Users\Elaine\AppData\Local\globalUpdate
2014-09-01 10:42 - 2014-09-01 10:42 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-09-01 10:41 - 2014-09-01 10:41 - 00000000 ____D () C:\Users\Elaine\AppData\Local\CrashRpt
2014-08-30 20:34 - 2014-08-30 20:33 - 00000000 ____D () C:\Users\Elaine\AppData\Local\iWesoft
2014-08-30 20:25 - 2014-08-30 20:25 - 00000000 ____D () C:\Program Files\Instagram Downloader
2014-08-30 20:21 - 2014-08-30 20:21 - 03998208 _____ (iWesoft) C:\Users\Elaine\Downloads\InstagramDownloader_setup.exe
2014-08-30 20:20 - 2014-08-30 20:20 - 00000000 ____D () C:\Users\Elaine\AppData\Local\SearchProtect
2014-08-30 20:19 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Resources
2014-08-30 04:19 - 2014-09-01 11:37 - 00052360 _____ (StdLib) C:\windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}w.sys
2014-08-29 20:55 - 2011-10-14 18:03 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-779674808-260475982-4367784-1001Core.job
2014-08-29 18:08 - 2014-08-30 20:26 - 00052416 _____ (StdLib) C:\windows\system32\Drivers\{fe651286-52a1-461b-a17a-f258b4b81968}w.sys
2014-08-28 08:30 - 2009-07-14 00:33 - 00472504 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-26 11:11 - 2014-08-26 11:11 - 00000000 ____D () C:\Users\Elaine\AppData\Local\Adobe
2014-08-24 10:56 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\rescache
2014-08-22 21:46 - 2014-08-27 13:36 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 20:42 - 2014-08-27 13:36 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 18:07 - 2012-04-03 12:43 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-08-21 18:07 - 2011-06-02 08:28 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-20 10:55 - 2014-08-20 10:55 - 00001724 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-20 10:55 - 2014-08-20 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-20 10:55 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-20 10:55 - 2014-08-20 10:54 - 00000000 ____D () C:\Program Files\iTunes
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\Program Files\iPod
2014-08-20 10:54 - 2010-04-17 17:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-20 10:11 - 2014-08-20 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-14 10:33 - 2009-07-13 22:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-08-14 10:07 - 2014-05-06 19:15 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-13 22:50 - 2013-08-05 22:33 - 00000000 ____D () C:\windows\system32\MRT
2014-08-13 22:50 - 2009-11-19 21:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:45 - 2009-12-23 17:15 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-08 23:19 - 2014-01-01 18:29 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\UpdaterEX
2014-08-08 23:19 - 2013-12-11 15:57 - 00000000 ____D () C:\Program Files\Price Finder
2014-08-08 11:36 - 2014-08-06 12:48 - 00000504 _____ () C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Electronics, Cars, Fashion, Collectibles, Coupons and More  eBay.website
2014-08-07 16:33 - 2014-08-05 20:36 - 00000416 _____ () C:\Users\Elaine\AppData\Roaming\wklnhst.dat
2014-08-07 15:31 - 2011-02-09 22:57 - 00000000 ____D () C:\Users\Elaine\Documents\David
2014-08-06 21:43 - 2014-08-13 08:11 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 21:39 - 2014-08-13 08:11 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-06 18:45 - 2014-08-06 11:30 - 00013312 _____ () C:\Users\Elaine\Documents\new invoice 8 14 A to Z.wps
2014-08-06 10:21 - 2014-08-06 10:13 - 00000000 _____ () C:\Users\Elaine\AppData\Roaming\bibstats
2014-08-06 09:41 - 2014-08-05 20:36 - 00000000 ____D () C:\Users\Elaine\AppData\Roaming\Template
2014-08-05 20:23 - 2014-08-05 20:23 - 00046122 _____ () C:\Users\Elaine\Downloads\TS010377326.dotx
2014-08-05 20:23 - 2014-08-05 20:23 - 00046122 _____ () C:\Users\Elaine\Downloads\TS010377326 (1).dotx
2014-08-05 19:14 - 2014-09-01 11:31 - 00018280 _____ () C:\windows\system32\roboot.exe
2014-08-05 16:17 - 2013-01-04 18:04 - 00002127 _____ () C:\windows\epplauncher.mif
2014-08-05 16:14 - 2014-06-23 14:01 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-05 16:05 - 2014-06-23 14:01 - 00013464 _____ () C:\windows\system32\Drivers\SWDUMon.sys
2014-08-05 16:02 - 2013-11-12 23:33 - 00016283 _____ () C:\windows\IE11_main.log
2014-08-05 15:57 - 2009-09-03 21:12 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-08-05 15:56 - 2014-08-05 15:56 - 31891592 _____ (Microsoft Corporation) C:\Users\Elaine\Downloads\EIE11_EN-US_MSN_WIN7 (2).EXE
2014-08-05 15:56 - 2014-08-05 15:56 - 31891592 _____ (Microsoft Corporation) C:\Users\Elaine\Downloads\EIE11_EN-US_MSN_WIN7 (1).EXE
2014-08-05 15:56 - 2014-08-05 15:55 - 31891592 _____ (Microsoft Corporation) C:\Users\Elaine\Downloads\EIE11_EN-US_MSN_WIN7.EXE
 
Some content of TEMP:
====================
C:\Users\Elaine\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elaine\AppData\Local\Temp\CloudBackup8956.exe
C:\Users\Elaine\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Elaine\AppData\Local\Temp\optprosetup.exe
C:\Users\Elaine\AppData\Local\Temp\post1.exe
C:\Users\Elaine\AppData\Local\Temp\post2.dll
C:\Users\Elaine\AppData\Local\Temp\post2.exe
C:\Users\Elaine\AppData\Local\Temp\tu17p84.exe
C:\Users\Guest\AppData\Local\Temp\4rnkkejb.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 13:59
 
==================== End Of Log ============================

 

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Please uninstall this from your Programs and Features: (if possible)
    CouponXplorer Internet Explorer Toolbar


    ===========================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ===========================

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC

Created a restore point - couldn't remove coupon explorer, seemed to switch items as I hit uninstall.

I don't consider myself a stupid person or completely computer illiterate but you lost me after a few sentences beyond remove coupon explorer. I tried to print out the directions but that didn't work, I can't seem to save anything on the desktop. There are so many open pages it's hard to keep track of where everything is while following directions!!!


If I try to open email it takes a long time. When the message pane finally does open, clicking on any link in email from you gets me to a box titled "locate link browser".

 

I got to you here by going through Google with the links in the last email you sent only I eliminated some wording at the end.

 

I tried to follow directions from you that we printed out but I couldn't save any documents because I couldn't locate my Microsoft CD to authenticate ownership of Office 2007 which we do have someplace?

I ran the software links you told her to run but couldn't save logs to a document. I did have my previous CD of Office 2003 so I am using that now but I don't have the logs you want.

Astromenda is not in the list of programs if I open Control Panel and check to see uninstall programs.


These are all your restore points:
 

01-09-2014 14:10:42 Windows Update
01-09-2014 15:37:56 RCP Mon, Sep 01, 14 11:37
04-09-2014 14:01:13 Restore Operation
04-09-2014 14:18:22 Windows Update
04-09-2014 17:50:33 Windows Live Essentials
04-09-2014 17:50:54 WLSetup
04-09-2014 19:59:38 Removed GeekBuddy.
04-09-2014 20:03:35 Removed Bonjour
05-09-2014 16:16:37 MalwareBytes restorepoint

08-09-2014 08:10:30 Windows Update <------this one sounds the best as long as it's before the problem started

09-09-2014 03:01:27 Removed Microsoft Office Home and Student 2007
09-09-2014 12:27:22 Removed Microsoft Office Professional Edition 2003
09-09-2014 12:37:21 Removed Compatibility Pack for the 2007 Office system
09-09-2014 12:49:31 Installed Microsoft Office 2003 Web Components
09-09-2014 16:02:27 Checkpoint by HitmanPro
09-09-2014 16:04:00 Checkpoint by HitmanPro

 

 

Let me know...MrC


See if you can do this:

Download and run rkill (post the log):

http://www.bleepingcomputer.com/download/rkill/dl/132/

Post the log

======================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


This topic is now closed to further replies.