[DailyDose]

I finally upgraded to Windows 7 from XP and did a fresh install. As I was reinstalling a bunch of programs, I somehow got something called FunMoods. I've already uninstalled it from the programs & features section & disabled it on firefox. However, it is still shows in any browser I use (firefox, chrome, IE). I have Windows Vista 64bit. I've already run MalwareBytes and it removed a bunch of FunMoods stuff but it's still hanging around. Any help would be greatly appreciated.

Here is the log from MalwareBytes:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fred Chang :: FREDCHANG-PC [administrator]

8/2/2012 9:27:58 PM
mbam-log-2012-08-02 (21-27-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186475
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 23
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Fred Chang\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Fred Chang\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Fred Chang\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

[Advertisements]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please go here and download ERUNT.
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
• Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
• Make sure that at least the first two check boxes are selected.
• Click on OK
• Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

• Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
• Now click on the Search tab.
• Please post the contents of the logfile created in your next post.

Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case should be something like R1.

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• AdwCleaner Log.

[Dakeyras]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please go here and download ERUNT.
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
• Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
• Make sure that at least the first two check boxes are selected.
• Click on OK
• Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

• Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
• Now click on the Search tab.
• Please post the contents of the logfile created in your next post.

Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case should be something like R1.

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• AdwCleaner Log.

[DailyDose]

The computer seems to be fine. Better than it was before. When I search through google (in Chrome) it no longer shows that it's searching through FunMoods. However, in Firefox it still shows FunMoods when searching from google.

Also, I wasn't supposed to click on delete after I ran the search in AdwCleaner was I? When I exited the program it mentioned that non of the found items were removed unless I clicked delete. Just curious. I did not press delete since you did not mention to do so.

Here is the log from the AdwClearner:

# AdwCleaner v1.608 - Logfile created 08/03/2012 at 15:40:34
# Updated 27/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Fred Chang - FREDCHANG-PC
# Running from : C:\Users\Fred Chang\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Found : C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\extensions\staged
File Found : C:\Users\Fred Chang\AppData\Local\funmoods-speeddial.crx

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtD0DyEyDtDyE0F0BtAzz0DtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2020235157

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\prefs.js

Found : user_pref("extensions.funmoods.aflt", "axl");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dfltlng", "en");
Found : user_pref("extensions.funmoods.dfltsrch", "false");
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "C6F298CE96BC9D01F6A23AD4667EA07D");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Found : user_pref("extensions.funmoods.hrdid", "001FD0D4504FB38D");
Found : user_pref("extensions.funmoods.id", "001FD0D4504FB38D");
Found : user_pref("extensions.funmoods.instlDay", "15554");
Found : user_pref("extensions.funmoods.instlRef", "axl");
Found : user_pref("extensions.funmoods.instlday", "15554");
Found : user_pref("extensions.funmoods.instlref", "axl");

Edited by DailyDose, 03 August 2012 - 05:06 PM.

[Dakeyras]

Hi.

The computer seems to be fine. Better than it was before. When I search through google (in Chrome) it no longer shows that it's searching through FunMoods. However, in Firefox it still shows FunMoods when searching from google.

OK.

Also, I wasn't supposed to click on delete after I ran the search in AdwCleaner was I? When I exited the program it mentioned that non of the found items were removed unless I clicked delete. Just curious. I did not press delete since you did not mention to do so.

Correct, reason I advise a first run with search only is so I can review the results and double check all is malicious etc. Anyway lets proceed as follows shall we...

Re-scan with AdwCleaner:

• Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
• Now click on the Delete tab.
• Reboot(restart) your machine if not prompted to do so after the scan(delete) is complete.

Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case should be something like R2.

Next:

Post the new AdwCleaner log in your next reply, provide a quick update as in any further issues etc and we will go from there, thank you.

[DailyDose]

From IE and Chrome if I do a search from the main address bar it seems fine. However, in firefox, it still shows funmood when I do a search through the main address bar.

Here is the log after the delete from AdwCleaner:


-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\prefs.js

C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "C6F298CE96BC9D01F6A23AD4667EA07D");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "001FD0D4504FB38D");
Deleted : user_pref("extensions.funmoods.id", "001FD0D4504FB38D");
Deleted : user_pref("extensions.funmoods.instlDay", "15554");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.instlday", "15554");
Deleted : user_pref("extensions.funmoods.instlref", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:6:46");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "fb5d4ced1e7540e9");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:6:46");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2219:6:46");
Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "2-7-2012");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:6:46");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "urls_to_restore_on_startup": [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : "name": "Funmoods",
Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml",
Deleted : "baseUrl": "hxxp://start.funmoods.com/results.php?",
Deleted : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",
Deleted : "urls_to_restore_on_startup": [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L[...]

*************************

AdwCleaner[R1].txt - [9033 octets] - [03/08/2012 15:40:34]
AdwCleaner[R2].txt - [9093 octets] - [03/08/2012 15:44:14]
AdwCleaner[R3].txt - [9153 octets] - [03/08/2012 16:04:29]
AdwCleaner[S1].txt - [8727 octets] - [03/08/2012 16:42:37]

########## EOF - C:\AdwCleaner[S1].txt - [8855 octets] ##########

[Dakeyras]

Hi.

However, in firefox, it still shows funmood when I do a search through the main address bar.

OK we will investigate that. Noticed you appeared to have ran AdwCleaner in search mode more than once, any particular reason as to why? Not a problem I will add, merely curious...

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate download is here.

• Quit all running programs.
• Right-click on RogueKiller.exe and select Run as Administrator to start the application.
• Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
• Now click on the Scan tab back in the RogueKiller main window.
• The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

Scan with OTL:

Please download OTL and save it to your desktop.

Alternate downloads are here and here.

• Right-click on OTL.exe and select Run as Administrator to start OTL.
• Ensure Include 64bit Scans is selected.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• RogueKiller Log.
• Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

[DailyDose]

I ended up running AdwCleaner more than once because I wasn't sure if I was following your directions correctly. Overall the computer seems fine, other than the same issue of when you do a search through the main location bar of Firefox it says that its by FunMoods and not google.

Here is the log from RogueKiller:


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Fred Chang [Admin rights]
Mode: Scan -- Date: 08/04/2012 14:48:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM005 HD103SJ ATA Device +++++
--- User ---
[MBR] 7c25771fac2b79c64a12fdc1d205afe9
[BSP] c3f21cd89088fbc18f76d4c6ff714afe : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

[DailyDose]

Here is the log from OTL.txt:


OTL logfile created on: 8/4/2012 2:51:57 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Fred Chang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.58% Memory free
8.00 Gb Paging File | 6.36 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 672.32 Gb Free Space | 72.18% Space Free | Partition Type: NTFS

Computer Name: FREDCHANG-PC | User Name: Fred Chang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Fred Chang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Fred Chang\Desktop\RogueKiller.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\Fred Chang\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater12.1.5) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=2020235157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...B&cr=2020235157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...B&cr=2020235157
IE - HKLM\..\SearchScopes\{330551F4-EA08-1C00-CA4C-08775372C9E7}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 A8 5F 71 18 71 CD 01 [binary data]
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes\{330551F4-EA08-1C00-CA4C-08775372C9E7}: "URL" = https://isearch.avg....fr&d=2012-08-02 18:53:17&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://start.funmood...B&cr=2020235157
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes\{EA5BF67B-4C50-4431-85A7-D0C6BA152CB7}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..backup.old.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "about:home"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fred Chang\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fred Chang\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/02 18:52:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/02 18:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012/08/03 02:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/03 19:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/03 19:01:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/03 19:07:28 | 000,000,000 | ---D | M]

[2012/08/02 19:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred Chang\AppData\Roaming\Mozilla\Extensions
[2012/08/03 19:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\extensions
[2012/08/03 19:02:35 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\extensions\[email protected]
[2012/08/03 02:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\extensions\trash
[2012/08/02 21:06:59 | 000,002,331 | ---- | M] () -- C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\searchplugins\Search.xml
[2012/08/02 18:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/03 19:05:52 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/08/03 02:53:32 | 000,000,000 | ---D | M] (Logitech Flow Scroll) -- C:\PROGRAM FILES\LOGITECH\FLOWSCROLL\LOGISMOOTHFIREFOXEXT
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/02 18:53:07 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fred Chang\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fred Chang\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: Logitech Flow Scroll = C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\4.0.33_0\
CHR - Extension: Google Mail Checker = C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Yontoo = C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Fred Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1476969139-465768082-2317167955-1001..\Run: [googletalk] C:\Users\Fred Chang\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2736DD41-2E3E-4602-846F-97B578080F59}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 14:49:33 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Fred Chang\Desktop\OTL.exe
[2012/08/04 14:47:40 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Desktop\RK_Quarantine
[2012/08/03 22:52:57 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Apple Computer
[2012/08/03 22:37:17 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\RCM Preferences
[2012/08/03 22:37:12 | 004,378,624 | ---- | C] (ClearVision Technologies, Inc.) -- C:\Users\Fred Chang\Desktop\RCM5.exe
[2012/08/03 19:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/08/03 19:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/03 19:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/03 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\DDMSettings
[2012/08/03 19:05:45 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\DivX
[2012/08/03 19:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/08/03 19:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/08/03 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/08/03 19:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/08/03 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/08/03 19:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/08/03 19:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/03 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/03 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/03 19:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/08/03 19:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/08/03 19:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/08/03 19:00:37 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Apple
[2012/08/03 19:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/08/03 19:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/08/03 18:58:34 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\WinRAR
[2012/08/03 18:58:34 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/03 18:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/03 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/03 18:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/03 18:54:58 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/08/03 18:54:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012/08/03 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/08/03 18:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/08/03 18:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/03 16:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/03 16:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/03 16:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/08/03 16:00:18 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/08/03 16:00:18 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/08/03 16:00:17 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/08/03 16:00:17 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/08/03 16:00:17 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/08/03 16:00:17 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/08/03 16:00:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/08/03 16:00:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/08/03 16:00:17 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/08/03 15:38:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/03 15:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/03 15:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/03 03:02:40 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\vlc
[2012/08/03 02:46:50 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Logishrd
[2012/08/03 02:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/08/03 02:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/08/03 02:42:32 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Leadertech
[2012/08/03 02:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012/08/03 02:42:22 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/08/03 02:42:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012/08/03 02:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/08/03 02:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012/08/03 02:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012/08/03 02:40:40 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Logitech
[2012/08/03 02:40:40 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Logishrd
[2012/08/02 22:17:25 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2012/08/02 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Google
[2012/08/02 21:27:40 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Malwarebytes
[2012/08/02 21:27:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/02 21:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 21:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/02 21:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/02 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Macromedia
[2012/08/02 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Macromedia
[2012/08/02 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Adobe
[2012/08/02 21:18:52 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 21:18:52 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 21:18:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/08/02 21:18:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/02 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\stickies
[2012/08/02 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Documents\Wittmann
[2012/08/02 20:11:26 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Documents\HTC Sensation
[2012/08/02 20:10:35 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Documents\usb backup
[2012/08/02 20:10:35 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Documents\SMSBackupRestore
[2012/08/02 20:10:16 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Documents\Sandisk Backup
[2012/08/02 20:09:05 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\Documents\Mytouch
[2012/08/02 19:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/02 19:45:05 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\ATI
[2012/08/02 19:45:05 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\ATI
[2012/08/02 19:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/02 19:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/08/02 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/08/02 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/02 19:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/08/02 19:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/08/02 19:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/08/02 19:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/08/02 19:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/08/02 19:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/08/02 19:42:03 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/02 19:36:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/08/02 19:36:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/08/02 19:35:58 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/08/02 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/02 19:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/08/02 19:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/02 19:05:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/08/02 19:05:01 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/08/02 19:05:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/08/02 19:03:02 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/08/02 19:03:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/08/02 19:02:46 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/08/02 19:02:45 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/08/02 19:02:45 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/08/02 19:02:45 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/08/02 19:02:45 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/08/02 19:02:44 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/08/02 19:02:44 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/08/02 19:02:44 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/08/02 19:02:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/08/02 19:02:39 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/08/02 19:02:39 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/08/02 19:02:39 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/08/02 19:02:39 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/08/02 19:02:39 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/08/02 19:02:39 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/08/02 19:02:39 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/08/02 19:02:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/08/02 19:02:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/08/02 19:02:39 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/08/02 19:02:39 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/08/02 19:02:39 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/08/02 19:02:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/08/02 19:02:38 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/08/02 19:02:38 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/08/02 19:02:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/08/02 19:02:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/08/02 19:02:38 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/08/02 19:02:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/08/02 19:02:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/08/02 19:02:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/08/02 19:02:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/08/02 19:02:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/08/02 19:02:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/08/02 19:02:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/08/02 19:02:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/08/02 19:02:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/08/02 19:02:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/08/02 19:02:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/08/02 19:02:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/08/02 19:02:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/08/02 19:02:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/08/02 19:02:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/08/02 19:02:36 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/08/02 19:02:33 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/08/02 19:02:33 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/08/02 19:02:32 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/08/02 19:02:29 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/08/02 19:02:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/08/02 19:02:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/08/02 19:02:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/08/02 19:02:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/08/02 19:02:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/08/02 19:02:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/08/02 19:02:27 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/08/02 19:02:27 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/08/02 19:02:26 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/08/02 19:02:26 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/08/02 19:02:26 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/08/02 19:02:25 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/08/02 19:02:25 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/08/02 19:02:24 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/08/02 19:02:24 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/08/02 19:02:24 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/08/02 19:02:24 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/08/02 19:02:24 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/08/02 19:02:24 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/08/02 19:02:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/08/02 19:02:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/08/02 19:02:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/08/02 19:02:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/08/02 19:02:24 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/08/02 19:02:24 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/08/02 19:02:24 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/08/02 19:02:21 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/08/02 19:02:21 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/08/02 19:02:19 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/08/02 19:02:19 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/08/02 19:02:18 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/08/02 19:02:17 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/08/02 19:02:17 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/08/02 19:02:17 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/08/02 19:02:17 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/08/02 19:02:14 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/08/02 19:02:14 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/08/02 19:02:14 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/08/02 19:02:14 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/08/02 19:02:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/08/02 19:02:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/08/02 19:02:14 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/08/02 19:02:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/08/02 19:02:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/08/02 19:02:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/08/02 19:02:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/08/02 19:02:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/08/02 19:02:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/08/02 19:02:12 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/08/02 19:02:12 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/08/02 19:02:12 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/08/02 19:02:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/08/02 19:02:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/08/02 19:02:11 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/08/02 19:02:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/08/02 19:02:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/08/02 19:02:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/08/02 19:02:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/08/02 19:02:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/08/02 19:02:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/08/02 19:02:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/08/02 19:02:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/08/02 19:02:06 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/08/02 19:02:06 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/08/02 19:02:01 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/08/02 19:01:59 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/08/02 19:01:58 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/08/02 19:01:41 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/08/02 19:01:41 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/08/02 18:57:34 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/08/02 18:57:34 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/08/02 18:57:25 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/08/02 18:57:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/08/02 18:57:23 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/08/02 18:56:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/08/02 18:56:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/08/02 18:53:51 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\AVG2012
[2012/08/02 18:53:33 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\AVG Secure Search
[2012/08/02 18:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/02 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/02 18:53:12 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 18:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/02 18:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/02 18:52:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/02 18:52:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/02 18:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/02 18:52:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/08/02 18:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/02 18:45:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/02 18:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/02 18:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/08/02 18:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/02 18:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/02 18:44:35 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/02 18:44:35 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/02 18:44:35 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/02 18:44:26 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/02 18:44:26 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/02 18:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/08/02 18:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/02 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Mozilla
[2012/08/02 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Mozilla
[2012/08/02 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/02 18:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/02 18:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/02 18:42:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/08/02 18:42:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/08/02 18:42:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/02 18:42:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/02 18:42:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/02 18:42:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/02 18:42:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/02 18:42:22 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/02 18:42:22 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/02 18:42:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/08/02 18:42:22 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/08/02 18:42:22 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/02 18:42:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/08/02 18:42:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/02 18:42:22 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/08/02 18:42:22 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/08/02 18:42:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/02 18:42:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/02 18:42:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/02 18:42:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/08/02 18:42:22 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/08/02 18:42:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/08/02 18:42:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/02 18:42:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/02 18:42:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/08/02 18:42:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/08/02 18:42:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/08/02 18:42:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/08/02 18:42:22 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/08/02 18:42:22 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/08/02 18:42:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/08/02 18:42:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/08/02 18:42:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/02 18:42:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/02 18:42:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/02 18:42:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/08/02 18:42:22 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/08/02 18:42:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/02 18:42:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/02 18:42:22 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/08/02 18:42:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/02 18:42:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/08/02 18:42:22 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/08/02 18:42:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/08/02 18:42:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/02 18:42:22 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/08/02 18:42:22 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/08/02 18:42:22 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/02 18:42:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/02 18:42:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/02 18:42:22 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/08/02 18:42:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/08/02 18:42:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/08/02 18:42:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/08/02 18:42:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/08/02 18:42:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/02 18:42:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/02 18:42:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/02 18:42:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/08/02 18:42:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/08/02 18:42:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/08/02 18:42:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/08/02 18:42:22 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/08/02 18:42:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/08/02 18:42:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/08/02 18:42:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/02 18:42:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/02 18:42:22 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/02 18:42:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/02 18:42:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/08/02 18:42:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/02 18:42:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/02 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/02 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Google
[2012/08/02 18:40:01 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Apps
[2012/08/02 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Deployment
[2012/08/02 18:38:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/08/02 18:37:47 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/08/02 18:37:47 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/08/02 18:35:04 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/08/02 18:35:04 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/08/02 18:35:04 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/08/02 18:34:55 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/08/02 18:34:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/08/02 18:34:55 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/08/02 18:34:40 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/08/02 18:34:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/08/02 18:34:31 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/02 18:34:31 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Searches
[2012/08/02 18:34:31 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/02 18:34:31 | 000,000,000 | -H-D | C] -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/02 18:34:22 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Identities
[2012/08/02 18:34:20 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Contacts
[2012/08/02 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\VirtualStore
[2012/08/02 18:34:11 | 000,000,000 | --SD | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Videos
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Saved Games
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Pictures
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Music
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Links
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Favorites
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Downloads
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Documents
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\Desktop
[2012/08/02 18:34:11 | 000,000,000 | R--D | C] -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\AppData\Local\Temporary Internet Files
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Templates
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Start Menu
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\SendTo
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Recent
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\PrintHood
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\NetHood
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Documents\My Videos
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Documents\My Pictures
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Documents\My Music
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\My Documents
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Local Settings
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\AppData\Local\History
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Cookies
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\Application Data
[2012/08/02 18:34:11 | 000,000,000 | -HSD | C] -- C:\Users\Fred Chang\AppData\Local\Application Data
[2012/08/02 18:34:11 | 000,000,000 | -H-D | C] -- C:\Users\Fred Chang\AppData
[2012/08/02 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Temp
[2012/08/02 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Local\Microsoft
[2012/08/02 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Fred Chang\AppData\Roaming\Media Center Programs
[2012/08/02 18:34:02 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/08/02 18:33:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/02 18:26:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/02 18:25:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/04 14:50:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476969139-465768082-2317167955-1001UA.job
[2012/08/04 14:49:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Fred Chang\Desktop\OTL.exe
[2012/08/04 14:46:56 | 001,552,896 | ---- | M] () -- C:\Users\Fred Chang\Desktop\RogueKiller.exe
[2012/08/04 14:44:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 14:44:10 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 14:44:10 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 14:42:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/04 14:09:30 | 102,971,474 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/04 14:03:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 14:03:52 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 02:50:56 | 000,021,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 02:50:56 | 000,021,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 02:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 18:53:23 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/03 18:50:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476969139-465768082-2317167955-1001Core.job
[2012/08/03 15:40:04 | 000,591,235 | ---- | M] () -- C:\Users\Fred Chang\Desktop\adwcleaner.exe
[2012/08/03 15:38:09 | 000,000,924 | ---- | M] () -- C:\Users\Fred Chang\Desktop\NTREGOPT.lnk
[2012/08/03 15:38:09 | 000,000,905 | ---- | M] () -- C:\Users\Fred Chang\Desktop\ERUNT.lnk
[2012/08/03 02:46:53 | 000,001,354 | ---- | M] () -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/08/03 02:42:22 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/08/03 02:27:40 | 000,003,584 | ---- | M] () -- C:\Users\Fred Chang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 22:03:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 22:03:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 21:27:33 | 000,001,133 | ---- | M] () -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/02 19:29:23 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/02 19:07:18 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2012/08/02 18:53:12 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 18:52:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/02 18:52:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/02 18:50:44 | 000,001,437 | ---- | M] () -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/02 18:44:23 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/02 18:44:23 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/02 18:42:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/08/02 18:42:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/08/02 18:42:22 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/02 18:42:22 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/02 18:42:22 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/02 18:42:22 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/02 18:42:22 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/02 18:42:22 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/02 18:42:22 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/02 18:42:22 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/08/02 18:42:22 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/08/02 18:42:22 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/02 18:42:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/08/02 18:42:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/02 18:42:22 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/08/02 18:42:22 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/08/02 18:42:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/02 18:42:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/02 18:42:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/02 18:42:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/08/02 18:42:22 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/08/02 18:42:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/08/02 18:42:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/02 18:42:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/02 18:42:22 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/08/02 18:42:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/08/02 18:42:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/08/02 18:42:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/08/02 18:42:22 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/08/02 18:42:22 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/08/02 18:42:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/08/02 18:42:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/08/02 18:42:22 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/02 18:42:22 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/02 18:42:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/02 18:42:22 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/08/02 18:42:22 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/08/02 18:42:22 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/02 18:42:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/02 18:42:22 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/08/02 18:42:22 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/02 18:42:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/08/02 18:42:22 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/08/02 18:42:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/08/02 18:42:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/02 18:42:22 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/08/02 18:42:22 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/08/02 18:42:22 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/02 18:42:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/02 18:42:22 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/02 18:42:22 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/08/02 18:42:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/08/02 18:42:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/08/02 18:42:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/08/02 18:42:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/08/02 18:42:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/02 18:42:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/02 18:42:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/02 18:42:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/02 18:42:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/02 18:42:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/08/02 18:42:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/08/02 18:42:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/08/02 18:42:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/08/02 18:42:22 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/08/02 18:42:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/08/02 18:42:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/08/02 18:42:22 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/02 18:42:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/02 18:42:22 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/02 18:42:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/02 18:42:22 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/08/02 18:42:22 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/02 18:42:22 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/02 18:28:58 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/02 18:28:58 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/08/02 18:27:21 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/07/12 07:29:52 | 004,534,272 | ---- | M] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 14:46:54 | 001,552,896 | ---- | C] () -- C:\Users\Fred Chang\Desktop\RogueKiller.exe
[2012/08/04 14:42:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/04 14:09:30 | 102,971,474 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/03 19:07:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/03 19:00:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/08/03 18:53:23 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/03 15:40:03 | 000,591,235 | ---- | C] () -- C:\Users\Fred Chang\Desktop\adwcleaner.exe
[2012/08/03 15:38:09 | 000,000,924 | ---- | C] () -- C:\Users\Fred Chang\Desktop\NTREGOPT.lnk
[2012/08/03 15:38:09 | 000,000,905 | ---- | C] () -- C:\Users\Fred Chang\Desktop\ERUNT.lnk
[2012/08/03 02:42:32 | 000,001,354 | ---- | C] () -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/08/03 02:27:40 | 000,003,584 | ---- | C] () -- C:\Users\Fred Chang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/02 21:27:33 | 000,001,133 | ---- | C] () -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/02 21:18:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 20:07:16 | 000,120,620 | ---- | C] () -- C:\Users\Fred Chang\Documents\wittmantrackshirtwhite.pdf
[2012/08/02 20:07:11 | 008,396,236 | ---- | C] () -- C:\Users\Fred Chang\Documents\w208.pdf
[2012/08/02 19:07:18 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2012/08/02 18:52:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/02 18:52:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/02 18:42:55 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/02 18:42:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/02 18:42:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/02 18:40:10 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476969139-465768082-2317167955-1001UA.job
[2012/08/02 18:40:10 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476969139-465768082-2317167955-1001Core.job
[2012/08/02 18:36:41 | 000,001,437 | ---- | C] () -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/02 18:35:34 | 000,001,409 | ---- | C] () -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/02 18:35:30 | 000,001,443 | ---- | C] () -- C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/02 18:34:11 | 000,000,290 | ---- | C] () -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/02 18:34:11 | 000,000,272 | ---- | C] () -- C:\Users\Fred Chang\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/02 18:28:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/02 18:28:48 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/02 18:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/02 18:25:48 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/12 07:29:52 | 004,534,272 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/07/03 22:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 22:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

[DailyDose]

Here is the log file Extra.txt from the OTL program:


OTL Extras logfile created on: 8/4/2012 2:51:57 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Fred Chang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.58% Memory free
8.00 Gb Paging File | 6.36 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 672.32 Gb Free Space | 72.18% Space Free | Partition Type: NTFS

Computer Name: FREDCHANG-PC | User Name: Fred Chang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0678075B-5746-456E-BA7F-813A58792A99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0F6A94F9-1293-4277-8C7E-7AE9FE2FD904}" = lport=139 | protocol=6 | dir=in | app=system |
"{2EF3F0C7-FFE5-4651-BE6B-B50F706FEF54}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32A8301D-6BE2-4186-815E-44B518F53C8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A511AEA-BBC1-422A-8ED8-0BE7320A70EA}" = rport=137 | protocol=17 | dir=out | app=system |
"{417BFBEC-7149-4133-A89F-679449BF6956}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46F9D01A-B56E-47AC-87B2-0596C6F35D40}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C63AB15-8D24-4929-B8F0-A26CD143CBFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57AD4395-C120-4019-B320-ECE344A62BFE}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DB4D84C-9461-4B5A-87C4-0EAA3C75A267}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5EC8D31C-5465-4942-85FF-4D5CBBCD8BDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6013D490-C95F-4E98-84EA-110B97D01A6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{628B12DE-AEA8-482B-818D-4C02C7C4A7F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{74498F43-905B-4024-88B6-FEB41F14A159}" = lport=445 | protocol=6 | dir=in | app=system |
"{760E6BC1-52C8-42A7-BD28-4E050A47599C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{804EEABB-5459-4F03-9A61-F11EE04B79CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96416BAB-0118-4BA1-B16A-FB278D92F203}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9EAC345-7837-4856-9263-7F348976BA9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC92AB67-1C5B-4AD0-B250-0655C4B5DA7B}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE2A14C2-0785-48F9-B73A-596768447173}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD8B7ED0-0000-41E2-BDE9-5DB89BBD0759}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C16F8A-9D48-4AE1-8DC8-F6D768E88FFA}" = protocol=58 | dir=out | [email protected],-28546 |
"{0CCFF0D4-4C37-4689-B8B2-EC585E14C093}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{14C2C30D-9C94-465E-BD0D-E0D9FC3204A4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C8904E8-DF0F-4320-A951-313C47102CD1}" = protocol=6 | dir=out | app=system |
"{35CC8FE3-78DB-4D67-BF0C-F2D1E6BC2B57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37C43290-7520-432A-AC67-501F5274E228}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3A259333-5724-4E4B-8052-25A373E13C8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{431BE7CF-C779-4E48-890A-52B6113AB150}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57351560-EFAD-4F80-B64D-AF006F6D3E4C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5809D4AB-A98E-462A-B330-A661FDEC6900}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AD40392-17E9-447A-BC39-A83F9BCA499A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{5B421319-9A06-4742-9C2F-A5B633BC2C96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FBA13B8-05EE-4573-A79A-59048C581B60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{706E0D8E-6DF0-489C-962C-AF0C10B6BBA1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7B2BF8A0-1B5D-44DC-92EC-2F373D5FC5D8}" = protocol=1 | dir=in | [email protected],-28543 |
"{82A906D0-63A8-4F6F-969C-20EC4F83F7FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{940893D6-754E-4485-842F-18161B074D7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{953BDB48-FC11-4839-B217-B624B0A6B751}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9C56054A-7E32-4DD8-AD97-03C463A1CB72}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A8D92BE1-8D5E-4D3A-AA42-0D80E334F72E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD34A209-7D7E-46F2-9527-10116AA6B5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BABA188A-B8E0-4FA4-8124-F1353FCD3190}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1E45D99-11B4-4336-91FE-D30A2AD022EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC6F30FA-4BD9-470C-8B87-52DD554937A8}" = protocol=58 | dir=in | [email protected],-28545 |
"{D4CF7C09-7C1A-4CB5-AD39-CC68017CE1D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D526715E-2601-477A-9413-8A5C993B2B63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E769D420-194F-4EEC-AC83-9A997F466732}" = protocol=1 | dir=out | [email protected],-28544 |
"{F74C5598-4E88-4951-906E-C29AAE8EFA6A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders
"{170EF2EC-C6AC-9418-933B-E2215E5ACE62}" = AMD Accelerated Video Transcoding
"{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A2A448FD-B078-DBF9-0F3F-AC8A8A4ADDB9}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E391E2FF-927F-46A6-8466-C688A2FAF1FB}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean
"{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish
"{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch
"{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek
"{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = Catalyst Control Center
"{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese
"{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese
"{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech
"{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish
"{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish
"{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish
"{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common
"{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English
"{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian
"{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish
"{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish
"{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DivX Setup" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VLC media player" = VLC media player 2.0.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2012 12:32:36 AM | Computer Name = FredChang-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2012 1:43:13 AM | Computer Name = FredChang-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2012 6:24:47 PM | Computer Name = FredChang-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2012 7:21:03 PM | Computer Name = FredChang-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 8/3/2012 7:47:50 PM | Computer Name = FredChang-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2012 10:05:28 PM | Computer Name = FredChang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\DivX\DivX
Transcode Engine\gzHF330.ddc". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/3/2012 10:05:28 PM | Computer Name = FredChang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\DivX\DivX
Transcode Engine\mtw178.ddc". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/4/2012 1:53:34 AM | Computer Name = FredChang-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/4/2012 5:31:07 AM | Computer Name = FredChang-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b98 Start
Time: 01cd72055a75de20 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

Report
Id:

Error - 8/4/2012 5:05:27 PM | Computer Name = FredChang-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/3/2012 2:22:44 AM | Computer Name = FredChang-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 8/3/2012 7:21:23 PM | Computer Name = FredChang-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2538243).

Error - 8/3/2012 11:10:04 PM | Computer Name = FredChang-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 8/4/2012 1:58:25 AM | Computer Name = FredChang-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 8/4/2012 1:59:02 AM | Computer Name = FredChang-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/4/2012 3:39:09 AM | Computer Name = FredChang-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/4/2012 3:39:13 AM | Computer Name = FredChang-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/4/2012 5:26:54 AM | Computer Name = FredChang-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/4/2012 5:29:14 AM | Computer Name = FredChang-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 8/4/2012 5:33:42 AM | Computer Name = FredChang-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.


< End of report >

[Dakeyras]

Hi.

I ended up running AdwCleaner more than once because I wasn't sure if I was following your directions correctly

Fair play and not a problem as I mentioned prior.

Overall the computer seems fine, other than the same issue of when you do a search through the main location bar of Firefox it says that its by FunMoods and not google.

OK and thanks for the update.

Next:

The advised uninstalltions below highlighted in red are deemed optional/at your own discretion if you wish to keep them installed or not.

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

JavaFX 2.1.1 <-- No need for this unless you do use it to create RIAs(rich Internet applications) that is.
SpywareBlaster 4.6 <-- Your choice to keep or not but no real need since you have IE9 installed and the use of a custom Host File is the better option. Which I will advise about when I give the all clear.
Yontoo <-- Adware related, has undesirable characteristics.

To do so click once on each of the above to highlight and and then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Reset Windows 7 Firewall:

Click on Start(Windows 7 Orb) >> Control Panel >> Windows Firewall

Now click click on Restore defaults >> Restore defaults >> At the prompt click on Yes.

Custom OTL Script:

Note: Part of the custom script below will remove the Windows Sidebar from auto starting. Reason why can be read here.

• Right-click OTL.exe and select Run as Administrator to start the program.
• Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=2020235157
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...B&cr=2020235157
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...B&cr=2020235157
IE - HKU\S-1-5-21-1476969139-465768082-2317167955-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://start.funmood...B&cr=2020235157
[2012/08/03 19:02:35 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\extensions\[email protected]
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
[2012/08/03 19:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/03 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

• Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
• Then click the red Run Fix button.
• Let the program run unhindered.
• If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

• Launch the application, Check for Updates >> Perform quick scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• OTL Log from the Custom Script.
• Malwarebytes Anti-Malware Log.

[DailyDose]

The same thing happens in firefox when searching through the main location bar. But like I said before, in IE and Chrome everything seems fine. Maybe I just shouldn't use firefox?

Also, I went ahead and uninstalled JavaFX 2.1.1, SpywareBlaster and Yontoo.

Here is the OTL log from the Custom Script:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Folder C:\Users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
Folder C:\Program Files (x86)\Yontoo\ not found.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Fred Chang\Desktop\cmd.bat deleted successfully.
C:\Users\Fred Chang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred Chang
->Temp folder emptied: 228064638 bytes
->Temporary Internet Files folder emptied: 249066800 bytes
->Java cache emptied: 64532 bytes
->FireFox cache emptied: 55464105 bytes
->Google Chrome cache emptied: 245440460 bytes
->Flash cache emptied: 709 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114265356 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 851.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08052012_104605

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Fred Chang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2010/11/20 20:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe : MD5=DCCA4B04AF87E52EF9EAA2190E06CBAC
File C:\Users\Fred Chang\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Here is the malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fred Chang :: FREDCHANG-PC [administrator]

8/5/2012 10:52:15 AM
mbam-log-2012-08-05 (10-52-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187378
Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[DailyDose]

I attached a screenshot to show you what I mean what happens in Firefox just so you could get a better idea of what I'm trying to explain since I'm not sure if I'm explaining it correctly.

Attached Thumbnails

• 

[Dakeyras]

Hi.

Maybe I just shouldn't use firefox?

No need for that...

I attached a screenshot to show you what I mean what happens in Firefox just so you could get a better idea of what I'm trying to explain since I'm not sure if I'm explaining it correctly.

Aye certainly helpful.

Launch FireFox >> now on the extreme right next to the Home-Page button you will see a small search bar named Search >> click on the drop down menu arrow >> Manage Search Engines...

Now click once on Funmoods to highlight >> Remove >> OK >> restart FireFox.

[DailyDose]

Funmoods is not listed to be removed from the list of search engines. The only ones listed are Google, Yahoo, Bing, Amazon, AVG Secure Search, eBay, Search, Twitter and Wikipedia (en)

[Dakeyras]

Hi.

OK lets take a diffrent approach as follows...

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any other symptoms and or problems encountered?
• ComboFix Log.