[dsu1979]

I've been the UNlucky chosen candidate of receiving the MBR:Alureon-0 [Rtk].  I have searched online high and low on how to fix it.  So I've taken steps to do the Avast scans as well as Microsoft Safety Scanner.  I am attaching a copy of the aswMBR.txt as well as my disk management.  Can anyone please help me get this off of my ASUS CG1330 desktop?

 

 aswMBR.txt   2.24KB   145 downloads

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-31 04:30:23
-----------------------------
04:30:23.143    OS Version: Windows x64 6.1.7601 Service Pack 1
04:30:23.143    Number of processors: 6 586 0xA00
04:30:23.144    ComputerName: DANA-PC  UserName: Dana
04:30:28.729    Initialize success
04:30:32.201    AVAST engine defs: 14033100
04:30:38.419    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:30:38.421    Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
04:30:38.423    Device \Driver\atapi -> MajorFunction fffffa80082b70a8
04:30:38.447    Disk 0 MBR read successfully
04:30:38.450    Disk 0 MBR scan
04:30:38.453    Disk 0 MBR:Alureon-O [Rtk]
04:30:38.455    Disk 0 TDL4@MBR code has been found
04:30:38.458    Disk 0 MBR hidden
04:30:38.463    Disk 0 Partition 1 80 (A) 0B        FAT32 NTFS        19024 MB offset 2048
04:30:38.480    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       934843 MB offset 38963200
04:30:38.483    Disk 0 MBR [TDL4]  **ROOTKIT**
04:30:38.503    Disk 0 scanning C:\Windows\system32\drivers
04:30:51.828    Service scanning
04:31:02.166    Service MpKslb21f7fbe C:\Windows\Temp\MpKslb21f7fbe.sys **LOCKED** 32
04:31:14.062    Modules scanning
04:31:14.067    Disk 0 trace - called modules:
04:31:14.073    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80082b70a8]<<
04:31:14.078    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079fa060]
04:31:14.082    3 CLASSPNP.SYS[fffff8800184d43f] -> nt!IofCallDriver -> [0xfffffa80079229b0]
04:31:14.087    5 ACPI.sys[fffff88000f827a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079f6060]
04:31:14.092    \Driver\atapi[0xfffffa80082b3060] -> IRP_MJ_CREATE -> 0xfffffa80082b70a8
04:31:17.446    AVAST engine scan C:\Windows
04:31:19.944    AVAST engine scan C:\Windows\system32
04:36:01.310    AVAST engine scan C:\Windows\system32\drivers
04:36:18.817    AVAST engine scan C:\Users\Dana
05:34:09.795    AVAST engine scan C:\ProgramData
05:46:32.475    Scan finished successfully
18:37:06.071    Disk 0 MBR has been saved successfully to "C:\Users\Dana\Desktop\MBR.dat"
18:37:06.075    The log file has been saved successfully to "C:\Users\Dana\Desktop\aswMBR.txt"

 

[Advertisements]

Hello and welcome to Geeks to Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  
  
• Please read through my instructions carefully and completely before executing them.
• Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
• Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
• Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If possible, please have your original Windows installation disks handy, just in case.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
• Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello Let's take a good look at your system and then we can start showing the unwanted guests the door.



Step 1: FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:


FRST Log

Additions.txt Log

[pystryker]

Hello and welcome to Geeks to Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  
  
• Please read through my instructions carefully and completely before executing them.
• Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
• Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
• Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If possible, please have your original Windows installation disks handy, just in case.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
• Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello Let's take a good look at your system and then we can start showing the unwanted guests the door.



Step 1: FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:


FRST Log

Additions.txt Log

[dsu1979]

I have performed the scan as requested.  Below are the results of the scan.  As a side note, I have the repair disk I created from my computer, but I do not have an option to reformat the computer to factory settings.  I hope it doesn't come to that!

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Dana (administrator) on DANA-PC on 31-03-2014 20:49:20
Running from C:\Users\Dana\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-16] (VIA)
HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-24] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [jswtrayutil] - "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-30] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-23] (Microsoft Corporation)
HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...\Run: [DW7] - "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...\MountPoints2: {d1725802-9741-11e2-811a-20cf30b3dce9} - I:\MotoCastSetup.exe -a
HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
GroupPolicyUsers\S-1-5-21-1411355380-1723163232-578121940-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=78147240884843B6B995ABE3B65FCFF9&tb_oid=12-05-2013&tb_mrud=12-05-2013
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_wls&mntrId=A8A220CF30B3DCE9&affID=119351&tsp=4930
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_wls&mntrId=A8A220CF30B3DCE9&affID=119351&tsp=4930
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=78147240884843B6B995ABE3B65FCFF9&tb_oid=12-05-2013&tb_mrud=12-05-2013
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={345EEFE3-C4A6-48CB-B886-1EB7AA0FC137}&mid=4ba1fa16b57147d3aacbf1867657351a-2cbe18b840d333e81a7c8dbb65bfbe12f44b7b80&lang=en&ds=AVG&pr=pr&d=2013-07-01 11:56:23&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9D79A799-767C-4D01-8A9D-617E84E58778} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {F919CAC9-7524-4B3A-A335-C1DC7419E64F} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-w3i_defaultsearch&p={searchterms}&type=W3i_DS,136,0_0,Search,20130314,19862,0,18,0
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A8A220CF30B3DCE9&affID=119351&tsp=4930
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-29]
CHR Extension: (Google Search) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-29]
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-03-02]
CHR Extension: (Google Wallet) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.2.0.8\avg.crx [2013-06-02]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-30] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-30] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-30] ()
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-24] (AVG Technologies)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2013-01-22] (Jungo)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 20:49 - 2014-03-31 20:49 - 00016785 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-03-31 20:48 - 2014-03-31 20:49 - 00000000 ____D () C:\FRST
2014-03-31 20:47 - 2014-03-31 20:47 - 02157056 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-03-31 18:37 - 2014-03-31 18:37 - 00002294 _____ () C:\Users\Dana\Desktop\aswMBR.txt
2014-03-31 03:07 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-31 03:07 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-30 18:17 - 2014-03-30 18:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-30 18:17 - 2014-03-30 18:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-30 18:04 - 2014-03-30 18:05 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\DropboxMaster
2014-03-30 18:04 - 2014-03-30 18:04 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-30 18:02 - 2014-03-30 18:02 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\AVAST Software
2014-03-30 18:01 - 2014-03-30 18:01 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-30 18:00 - 2014-03-30 18:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-30 18:00 - 2014-03-30 17:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-30 18:00 - 2014-03-30 17:59 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-30 18:00 - 2014-03-30 17:59 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-30 18:00 - 2014-03-30 17:59 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-30 18:00 - 2014-03-30 17:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-30 17:59 - 2014-03-30 17:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-30 17:59 - 2014-03-30 17:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-30 17:59 - 2014-03-30 17:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-30 17:59 - 2014-03-30 17:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-30 17:59 - 2014-03-30 17:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-30 17:57 - 2014-03-30 17:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-30 17:36 - 2014-03-30 17:36 - 611794835 _____ () C:\Windows\MEMORY.DMP
2014-03-30 17:36 - 2014-03-30 17:36 - 00275664 _____ () C:\Windows\Minidump\033014-23649-01.dmp
2014-03-30 10:19 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 10:19 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 10:19 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-30 10:19 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-30 10:19 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-30 10:19 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-30 10:19 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-30 10:19 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-30 10:19 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-30 10:19 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-30 10:19 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-30 10:19 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-30 10:19 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 10:19 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-30 10:19 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-30 10:19 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 10:19 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-30 10:19 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-30 10:19 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-30 10:19 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-30 10:19 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-30 10:19 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-30 10:19 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-30 10:19 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-30 10:19 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-30 10:19 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-30 10:19 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-30 10:19 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-30 10:19 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-30 10:19 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-30 10:19 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-30 10:19 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-30 10:19 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-30 10:19 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-30 10:19 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-30 10:19 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-30 10:19 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-30 10:19 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-30 10:19 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-30 10:19 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-30 10:19 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-30 10:19 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-30 10:19 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-30 10:19 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-30 10:19 - 2013-11-23 13:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-30 10:19 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-30 10:18 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 10:18 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-29 22:28 - 2014-03-29 22:28 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-29 19:02 - 2014-03-29 19:19 - 00000000 ____D () C:\Users\Dana\Desktop\on disk
2014-03-29 18:23 - 2014-03-29 18:23 - 00000000 ____D () C:\5e1876c3cb9b5f12525acddf8e27c2
2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Users\Dana\AppData\Local\SearchProtect
2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-29 12:29 - 2014-03-29 12:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-29 12:28 - 2014-03-29 12:28 - 00000000 ____D () C:\Windows\9B4D16A7393F470C8B9F74AE1EA6C105.TMP
2014-03-29 12:27 - 2014-03-29 12:28 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-03-29 12:27 - 2014-03-29 12:27 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\RealNetworks
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Users\Dana\AppData\Local\Real
2014-03-29 11:41 - 2014-03-30 14:03 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-29 11:41 - 2014-03-30 14:03 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-29 11:41 - 2014-03-29 11:47 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Real
2014-03-29 11:41 - 2014-03-29 11:41 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-29 11:39 - 2014-03-30 14:03 - 00000000 ____D () C:\ProgramData\Real
2014-03-29 11:28 - 2014-03-29 11:28 - 00000000 ____D () C:\Users\Dana\AppData\Local\Canon Easy-PhotoPrint EX
2014-03-29 10:40 - 2014-03-30 14:03 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-03-25 03:46 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-25 03:43 - 2014-03-25 03:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-25 03:43 - 2014-03-25 03:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-25 03:43 - 2014-03-25 03:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-25 03:43 - 2014-03-25 03:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-25 03:43 - 2014-03-25 03:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-25 03:43 - 2014-03-25 03:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-25 03:43 - 2014-03-25 03:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-24 09:58 - 2014-03-24 09:58 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-24 05:38 - 2013-05-10 01:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-24 05:38 - 2013-05-10 01:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-24 05:38 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-03-24 05:38 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-03-24 05:31 - 2014-03-25 03:47 - 00014552 _____ () C:\Windows\IE11_main.log
2014-03-24 05:12 - 2014-03-24 05:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-24 05:09 - 2014-03-24 05:17 - 00008611 _____ () C:\Windows\IE10_main.log
2014-03-24 04:54 - 2014-03-24 04:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-23 19:46 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-23 19:46 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-23 19:46 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-23 19:46 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-23 19:46 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-03-23 19:46 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-23 19:46 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-23 19:46 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-23 19:45 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-23 19:45 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-23 19:45 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-23 19:45 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-23 19:45 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-23 19:45 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-23 19:45 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-23 19:45 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-23 19:45 - 2013-11-26 21:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-23 19:45 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-23 19:45 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-23 19:45 - 2013-10-18 22:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-23 19:45 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-23 19:45 - 2013-10-05 16:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-23 19:45 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-23 19:45 - 2013-09-27 21:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-23 19:45 - 2013-09-24 22:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-23 19:45 - 2013-09-24 22:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-23 19:45 - 2013-09-24 22:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-23 19:45 - 2013-09-24 22:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-23 19:45 - 2013-09-24 22:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-23 19:45 - 2013-09-24 22:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-23 19:45 - 2013-09-24 22:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-23 19:45 - 2013-09-24 22:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-23 19:45 - 2013-09-24 21:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-23 19:45 - 2013-09-24 21:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-23 19:45 - 2013-09-24 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-23 19:45 - 2013-09-24 21:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-23 19:45 - 2013-09-24 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-23 19:45 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-23 19:45 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-23 19:45 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-23 19:45 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-23 19:45 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-23 19:45 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-23 19:45 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-23 19:45 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-23 19:45 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-23 19:45 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-23 19:45 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-23 19:45 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-03-23 19:45 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-03-23 19:45 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-03-23 19:45 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-03-23 19:45 - 2013-07-04 08:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-23 19:45 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-03-23 19:45 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-23 19:45 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-23 19:44 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-23 19:44 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-23 19:44 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-23 19:44 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-23 19:44 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-23 19:44 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-23 19:44 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-23 19:44 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-23 19:44 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-23 19:44 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-23 19:44 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-23 19:44 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-23 19:44 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-23 19:44 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-23 19:44 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-23 19:44 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-23 19:44 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-23 19:44 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-23 19:44 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-23 19:44 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-23 19:44 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-23 19:44 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-23 19:44 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-23 19:44 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-23 19:44 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-23 19:44 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-23 19:44 - 2013-11-11 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-23 19:44 - 2013-11-11 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-23 19:44 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-23 19:44 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-23 19:44 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-23 19:44 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-23 19:44 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-23 19:44 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-23 19:44 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-23 19:44 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-23 19:44 - 2013-10-03 22:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-23 19:44 - 2013-10-03 22:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-23 19:44 - 2013-10-03 22:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-23 19:44 - 2013-10-03 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-23 19:44 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-23 19:44 - 2013-10-03 21:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-23 19:44 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-23 19:44 - 2013-10-03 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-23 19:44 - 2013-10-02 22:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-23 19:44 - 2013-10-02 22:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-23 19:44 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-23 19:44 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-23 19:44 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-23 19:44 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-23 19:44 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-23 19:44 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-23 19:44 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-23 19:44 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-23 19:44 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-23 19:44 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-23 19:44 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-23 19:44 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-23 19:44 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-23 19:44 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-23 19:44 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-23 19:44 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-23 19:44 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-23 19:44 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-23 19:44 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-03-23 19:44 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-23 19:44 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-23 19:44 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-23 19:44 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-23 19:44 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-23 19:44 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-03-23 19:44 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-23 19:44 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-23 19:44 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-23 19:44 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-23 19:44 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-23 19:44 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-03-23 19:44 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-03-23 19:44 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-23 19:44 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-23 19:44 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-23 19:44 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-23 19:44 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-23 19:44 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-23 19:44 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-23 19:44 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-23 19:44 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-23 19:44 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-23 19:44 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-23 19:43 - 2013-10-11 22:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-23 19:43 - 2013-10-11 22:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-23 19:43 - 2013-10-11 22:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-23 19:43 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-23 19:43 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-23 19:36 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-03-23 12:43 - 2014-03-31 04:05 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-03-23 08:24 - 2014-03-30 14:03 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-08 10:55 - 2014-03-08 10:55 - 00030720 _____ () C:\Users\Dana\Desktop\Joey's Points System.xls
2014-03-08 09:57 - 2014-03-08 09:57 - 00013824 _____ () C:\Users\Dana\Desktop\Book1.xls
2014-03-02 13:18 - 2014-03-02 13:18 - 00000000 ____D () C:\Users\Joey\Downloads\NETGEAR

==================== One Month Modified Files and Folders =======

2014-03-31 20:49 - 2014-03-31 20:49 - 00016785 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-03-31 20:49 - 2014-03-31 20:48 - 00000000 ____D () C:\FRST
2014-03-31 20:47 - 2014-03-31 20:47 - 02157056 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-03-31 19:59 - 2012-09-30 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-31 19:22 - 2011-07-24 13:39 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B5E1C1C1-247D-46AD-988A-51E0987517EA}
2014-03-31 19:20 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:20 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:18 - 2009-07-14 01:13 - 00780196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 19:16 - 2010-10-27 22:06 - 01980273 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 19:13 - 2009-07-14 00:51 - 00348123 _____ () C:\Windows\setupact.log
2014-03-31 19:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 18:41 - 2013-03-02 15:55 - 00000000 ____D () C:\Program Files (x86)\Yontoo
2014-03-31 18:37 - 2014-03-31 18:37 - 00002294 _____ () C:\Users\Dana\Desktop\aswMBR.txt
2014-03-31 04:05 - 2014-03-23 12:43 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-03-30 19:42 - 2010-11-21 08:54 - 00000000 ____D () C:\hp_P1000_P1500_Full_Solution
2014-03-30 18:31 - 2010-07-28 18:51 - 00074802 _____ () C:\Windows\PFRO.log
2014-03-30 18:17 - 2014-03-30 18:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-30 18:17 - 2014-03-30 18:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-30 18:17 - 2010-07-28 18:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-30 18:14 - 2013-08-23 14:24 - 00000000 ____D () C:\Program Files\iTunes
2014-03-30 18:14 - 2013-08-23 14:24 - 00000000 ____D () C:\Program Files\iPod
2014-03-30 18:14 - 2013-08-23 14:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-30 18:13 - 2011-01-13 18:56 - 00000000 ____D () C:\Users\Dana\AppData\Local\Adobe
2014-03-30 18:13 - 2010-10-27 20:28 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Adobe
2014-03-30 18:10 - 2013-07-01 13:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-30 18:09 - 2012-09-30 19:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-30 18:05 - 2014-03-30 18:04 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\DropboxMaster
2014-03-30 18:05 - 2013-03-29 18:12 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Dropbox
2014-03-30 18:04 - 2014-03-30 18:04 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-30 18:02 - 2014-03-30 18:02 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\AVAST Software
2014-03-30 18:02 - 2014-03-30 18:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-30 18:01 - 2014-03-30 18:01 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-30 18:00 - 2013-07-01 11:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-30 17:59 - 2014-03-30 18:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-30 17:59 - 2014-03-30 18:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-30 17:59 - 2014-03-30 18:00 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-30 17:59 - 2014-03-30 18:00 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-30 17:59 - 2014-03-30 18:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-30 17:59 - 2014-03-30 17:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-30 17:59 - 2014-03-30 17:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-30 17:59 - 2014-03-30 17:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-30 17:59 - 2014-03-30 17:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-30 17:59 - 2014-03-30 17:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-30 17:57 - 2014-03-30 17:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-30 17:41 - 2010-10-27 20:22 - 00000000 ____D () C:\Users\Dana\AppData\Local\Deployment
2014-03-30 17:36 - 2014-03-30 17:36 - 611794835 _____ () C:\Windows\MEMORY.DMP
2014-03-30 17:36 - 2014-03-30 17:36 - 00275664 _____ () C:\Windows\Minidump\033014-23649-01.dmp
2014-03-30 17:36 - 2013-10-19 07:11 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 14:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-30 14:03 - 2014-03-29 11:41 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-30 14:03 - 2014-03-29 11:41 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-30 14:03 - 2014-03-29 11:39 - 00000000 ____D () C:\ProgramData\Real
2014-03-30 14:03 - 2014-03-29 10:40 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-03-30 14:03 - 2014-03-23 08:24 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-30 14:03 - 2014-02-03 14:35 - 00000000 ____D () C:\Program Files (x86)\BitPim
2014-03-30 14:03 - 2012-07-15 20:18 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Gygan
2014-03-30 14:03 - 2012-07-15 20:18 - 00000000 ____D () C:\Program Files (x86)\Gygan BETA
2014-03-30 14:03 - 2010-11-13 07:35 - 00000000 ____D () C:\Windows\pss
2014-03-30 14:03 - 2010-10-27 20:17 - 00000000 ____D () C:\Program Files\DIFX
2014-03-30 14:03 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-03-30 14:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-30 14:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-30 10:07 - 2010-10-27 21:12 - 00000000 ___RD () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 10:07 - 2010-10-27 20:22 - 00000000 ___RD () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-30 10:07 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-30 10:06 - 2013-11-30 18:38 - 00000000 ____D () C:\Users\Joey
2014-03-30 10:06 - 2010-10-27 21:12 - 00000000 ____D () C:\Users\Dana
2014-03-30 10:06 - 2010-10-27 20:22 - 00001417 _____ () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-29 22:28 - 2014-03-29 22:28 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-29 19:38 - 2009-08-05 13:19 - 00000000 __SHD () C:\Recovery
2014-03-29 19:19 - 2014-03-29 19:02 - 00000000 ____D () C:\Users\Dana\Desktop\on disk
2014-03-29 18:23 - 2014-03-29 18:23 - 00000000 ____D () C:\5e1876c3cb9b5f12525acddf8e27c2
2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Users\Dana\AppData\Local\SearchProtect
2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-29 12:29 - 2014-03-29 12:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-29 12:28 - 2014-03-29 12:28 - 00000000 ____D () C:\Windows\9B4D16A7393F470C8B9F74AE1EA6C105.TMP
2014-03-29 12:28 - 2014-03-29 12:27 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-03-29 12:27 - 2014-03-29 12:27 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-03-29 11:47 - 2014-03-29 11:41 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Real
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\RealNetworks
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Users\Dana\AppData\Local\Real
2014-03-29 11:42 - 2012-09-30 19:58 - 00000000 ____D () C:\ProgramData\Google
2014-03-29 11:41 - 2014-03-29 11:41 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-29 11:28 - 2014-03-29 11:28 - 00000000 ____D () C:\Users\Dana\AppData\Local\Canon Easy-PhotoPrint EX
2014-03-29 11:28 - 2013-01-24 21:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-29 11:28 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-25 04:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-03-25 03:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-25 03:47 - 2014-03-24 05:31 - 00014552 _____ () C:\Windows\IE11_main.log
2014-03-25 03:43 - 2014-03-25 03:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-25 03:43 - 2014-03-25 03:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-25 03:43 - 2014-03-25 03:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-25 03:43 - 2014-03-25 03:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-25 03:43 - 2014-03-25 03:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-25 03:43 - 2014-03-25 03:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-25 03:43 - 2014-03-25 03:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-25 03:43 - 2014-03-25 03:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-25 03:43 - 2014-03-25 03:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-24 14:44 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-24 09:58 - 2014-03-24 09:58 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-24 09:57 - 2013-07-01 11:55 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-03-24 09:57 - 2013-03-02 15:56 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-24 05:51 - 2009-07-14 00:45 - 00289920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 05:50 - 2012-04-04 11:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-24 05:50 - 2012-04-04 11:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-24 05:46 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-24 05:46 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-24 05:46 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-24 05:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-03-24 05:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-24 05:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-24 05:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-24 05:42 - 2013-03-10 19:27 - 00773920 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-24 05:37 - 2013-03-10 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-03-24 05:17 - 2014-03-24 05:09 - 00008611 _____ () C:\Windows\IE10_main.log
2014-03-24 05:12 - 2014-03-24 05:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-24 05:12 - 2014-03-24 05:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-24 04:54 - 2014-03-24 04:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-23 08:59 - 2012-09-30 19:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-23 08:59 - 2012-09-30 19:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-23 08:59 - 2012-09-30 19:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-08 10:55 - 2014-03-08 10:55 - 00030720 _____ () C:\Users\Dana\Desktop\Joey's Points System.xls
2014-03-08 09:57 - 2014-03-08 09:57 - 00013824 _____ () C:\Users\Dana\Desktop\Book1.xls
2014-03-02 14:05 - 2013-03-31 12:21 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-02 13:18 - 2014-03-02 13:18 - 00000000 ____D () C:\Users\Joey\Downloads\NETGEAR
2014-03-01 02:05 - 2014-03-30 10:19 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-30 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-30 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-30 10:19 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-30 10:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-30 10:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-30 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-30 10:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-30 10:19 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-30 10:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-30 10:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-30 10:19 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-30 10:19 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-30 10:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-30 10:19 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-30 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-30 10:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62

Some content of TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\atl80.dll
C:\Users\Dana\AppData\Local\Temp\bing.exe
C:\Users\Dana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfvrx7e.dll
C:\Users\Dana\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Dana\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Dana\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Dana\AppData\Local\Temp\mfc80.dll
C:\Users\Dana\AppData\Local\Temp\mfc80u.dll
C:\Users\Dana\AppData\Local\Temp\mfcm80.dll
C:\Users\Dana\AppData\Local\Temp\mfcm80u.dll
C:\Users\Dana\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Dana\AppData\Local\Temp\msvcm80.dll
C:\Users\Dana\AppData\Local\Temp\msvcp80.dll
C:\Users\Dana\AppData\Local\Temp\msvcr80.dll
C:\Users\Dana\AppData\Local\Temp\oi_{58C6F26E-3EA2-4BE2-A212-49FEA9E47E5E}.exe
C:\Users\Dana\AppData\Local\Temp\oi_{6755B1EF-7063-48BE-8CB4-D8B9578A5A72}.exe
C:\Users\Dana\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Dana\AppData\Local\Temp\TmDbg32.dll
C:\Users\Dana\AppData\Local\Temp\TmDbg64.dll
C:\Users\Dana\AppData\Local\Temp\uninst1.exe
C:\Users\Dana\AppData\Local\Temp\uninstall.exe
C:\Users\Dana\AppData\Local\Temp\{596D5194-9CAA-482E-8E10-4609E6972F88}-27.0.1453.116_27.0.1453.110_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 16:11

==================== End Of Log ============================

 

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Dana at 2014-03-31 20:50:04
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.08 - ASUSTeK)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.50517 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{73414D7D-F23E-B9E2-3B21-1574C5DE36DC}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2904 - AVG Technologies)
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3209 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.0.5.292 - AVG Technologies)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
BitPim 1.0.7 (HKLM-x32\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <[email protected]>)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0517.1742.29870 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help English (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help French (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help German (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
ccc-utility64 (Version: 2010.0517.1742.29870 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.00.25 - )
Gygan (HKLM-x32\...\{714DAA5E-803F-44A2-8512-64F26E681030}_is1) (Version:  - Gygan Inc)
HP LaserJet P1000 series (HKLM-x32\...\HP LaserJet P1000 series) (Version:  - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Expression Design 3 (HKLM-x32\...\Design_6.0.1739.0) (Version: 6.0.1739.0 - Microsoft Corporation)
Microsoft Expression Design 3 (x32 Version: 6.0.1739.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 3 (HKLM-x32\...\Encoder_3.0.1332.0) (Version: 3.0.1332.0 - Microsoft Corporation)
Microsoft Expression Encoder 3 (x32 Version: 3.0.1332.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 3 (HKLM-x32\...\Web_3.0.3813.0) (Version: 3.0.3813.0 - Microsoft Corporation)
Microsoft Expression Web 3 (x32 Version: 3.0.3813.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 3 SP1 (HKLM-x32\...\{752E90AC-3F11-4EA3-88EA-96441047EC31}) (Version:  - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

25-03-2014 07:38:43 Windows Update
26-03-2014 07:00:14 Windows Update
30-03-2014 14:13:59 Windows Update
30-03-2014 21:59:00 avast! antivirus system restore point
30-03-2014 22:12:13 Removed iTunes
31-03-2014 07:06:58 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3A1AF923-F677-4F32-A758-AC86F38086A5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {3C27510E-C366-4062-9283-E2F36728D624} - System32\Tasks\{D4178C12-8E93-4D1D-90BB-9A104151C826} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {43E545AD-79B4-43EE-A302-02B6209C2161} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-29] (ASUSTeK Computer Inc.)
Task: {44EC718B-0A00-4E1A-B723-0F81B8B02433} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {53504425-836E-432C-861E-06C64D1B9857} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {5BFBF21B-F5D1-4074-B401-55B21F7F9216} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-30] (AVAST Software)
Task: {847F7311-8AB0-4549-81CE-DCCADE2FB8F3} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-06-04] ()
Task: {959C28E2-E416-49DE-A79F-4EB1EEE6F127} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C5CF148C-D3C0-4DC9-B2B1-D888BC2839F7} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E50FBEDA-AEF0-4005-9D95-A94B483E7959} - System32\Tasks\4553 => Wscript.exe C:\Users\Dana\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F558DD39-A22A-4830-BC9E-E6CECD8DFAC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-24 21:40 - 2011-02-07 12:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-11-30 15:07 - 2011-07-28 18:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2014-03-24 09:58 - 2014-03-24 09:57 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2010-07-28 18:34 - 2009-06-04 18:10 - 05777408 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
2013-11-30 15:07 - 2011-07-28 18:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2010-07-28 18:33 - 2009-05-07 20:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-07-28 18:33 - 2009-05-07 20:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-07-28 18:33 - 2008-01-18 18:50 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-07-28 18:33 - 2009-07-10 14:48 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-07-01 11:55 - 2014-03-24 09:57 - 02544664 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2010-04-08 13:23 - 2010-04-08 13:23 - 00430080 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-17 18:40 - 2010-05-17 18:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-31 16:31 - 2014-03-31 16:31 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14033101\algo.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-30 15:07 - 2011-07-27 12:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2014-03-24 09:58 - 2014-03-24 09:57 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2010-07-28 18:34 - 2009-01-15 17:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2010-07-28 18:34 - 2009-03-25 19:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2013-11-30 15:07 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2014-03-30 17:59 - 2014-03-30 17:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Dana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Dana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2014 07:17:08 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (03/31/2014 07:15:51 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (03/31/2014 07:14:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 07:14:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 07:13:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 07:13:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 04:03:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 04:03:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 04:03:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 04:03:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (03/31/2014 07:13:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64

Error: (03/31/2014 07:12:52 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (03/31/2014 07:12:47 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (03/31/2014 03:14:18 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64

Error: (03/31/2014 03:14:07 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (03/31/2014 03:14:02 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (03/31/2014 03:03:29 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64

Error: (03/31/2014 03:03:17 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (03/31/2014 03:03:15 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (03/30/2014 07:20:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64

Microsoft Office Sessions:
=========================
Error: (03/31/2014 07:17:08 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (03/31/2014 07:15:51 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (03/31/2014 07:14:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 07:14:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 07:13:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 07:13:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 04:03:19 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 04:03:19 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 04:03:05 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (03/31/2014 04:03:05 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 7935.18 MB
Available physical RAM: 4053.21 MB
Total Pagefile: 15868.53 MB
Available Pagefile: 12239.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:912.93 GB) (Free:793.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:18.58 GB) (Free:7.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CB5BD2B2)

Partition: GPT Partition Type.

==================== End Of Log ============================

[pystryker]

I have performed the scan as requested. Below are the results of the scan. As a side note, I have the repair disk I created from my computer, but I do not have an option to reformat the computer to factory settings. I hope it doesn't come to that!

Hi We will do our very best to try and make sure it doesn't come to that.

We have some work to do, so let's get started.

Warnings

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

That being said, we do clean this infection all the time here without having to reformat and reinstall. If I had it on my machine, I would still use my machine after it had been cleaned of the infection without a reformat and reinstall.



Multiple Anti-Virus Programs Installed

Your log indicates you have 2 or more anti-virus programs installed on your machine. They are Avast and AVG.

• Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. They will often conflict with each, provide false positives, and additional problems.
• Please uninstall AVG, however, please wait until the end of the steps to do it. I have to unhide it in Add/Remove Programs so you can see if to remove it. I'll post about it again at the end of the fix.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstall and Chrome Changes

Please uninstall the following program from your computer: AVG SafeGuard Toolbar


Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.

• Open Chrome and type this in the address bar: chrome:settings
• When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
• Once you have changed it, click on Manage Search Engines and delete Delta Searchfrom the list.
• Once you have removed it, close the window.

Remove Chrome Extensions

There is an extension in Chrome that need to be removed, please follow the instructions below to remove it.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extension listed below by clicking the trash can icon beside it


AVG SafeGuard Toolbar Extension



Step 2: FRST Fix

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG SafeGuard toolbar
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-24] ()
HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62
GroupPolicyUsers\S-1-5-21-1411355380-1723163232-578121940-1003\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...119351&tsp=4930
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...119351&tsp=4930
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={345EEFE3-C4A6-48CB-B886-1EB7AA0FC137}&mid=4ba1fa16b57147d3aacbf1867657351a-2cbe18b840d333e81a7c8dbb65bfbe12f44b7b80&lang=en&ds=AVG&pr=pr&d=2013-07-01 11:56:23&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.2.0.8\avg.crx [2013-06-02]
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search)
2014-03-29 18:23 - 2014-03-29 18:23 - 00000000 ____D () C:\5e1876c3cb9b5f12525acddf8e27c2
2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Users\Dana\AppData\Local\SearchProtect
2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-24 09:58 - 2014-03-24 09:58 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-31 18:41 - 2013-03-02 15:55 - 00000000 ____D () C:\Program Files (x86)\Yontoo
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {E50FBEDA-AEF0-4005-9D95-A94B483E7959} - System32\Tasks\4553 => Wscript.exe C:\Users\Dana\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3209 - AVG Technologies) Hidden
Task: {C5CF148C-D3C0-4DC9-B2B1-D888BC2839F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Once you have run this fix, you should be able to find and uninstall AVG 2013 in the Add/Remove Programs window.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop

• Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
• Close any open windows or browsers.
• Pause your Anti-Virus program if it is running.
• Once it starts, click on the Scan button.
• Let the scan complete itself. This may take a few minutes.
• Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
• When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
  This report is also saved at C:\AdwCleaner[R0].txt

Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 4: Temporary File Cleaner

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 5: TDSSKiller


Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I need to see in your next post:

Fixlog.txt Log

AdwCleaner Log

Junkware Removal Tool Log

TDSSKiller Log

[dsu1979]

So here's a problem. I can't uninstall Avg 2013 our Avg SafeGuard Toolbar. I go into add/remove programs and I see it listed there. I click to uninstall and nothing happens. I cannot open the program either. :-(

[dsu1979]

I also do not have Chrome listed anywhere on my programs.

[dsu1979]

Another update. . A restart of my computer and doing the Fixlist procedure it appears that Avg SafeGuard Toolbar is removed.

I had to reinstall chrome to remove Delta search, however the Avg SafeGuard Toolbar is not listed as an extension to delete it.

 

I try to uninstall AVG 2013 through add/remove programs and it doesn't do anything.  If I try clicking to remove again I'm prompted to wait until the last program is uninstalled.

 

Here is the information from Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Dana at 2014-04-01 17:36:30 Run:1

Running from C:\Users\Dana\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe

C:\Program Files (x86)\Common Files\AVG Secure Search

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe

() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\AVG SafeGuard toolbar

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-24] ()

HKU\S-1-5-21-1411355380-1723163232-578121940-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62\n. ATTENTION! ====> ZeroAccess?

C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62

GroupPolicyUsers\S-1-5-21-1411355380-1723163232-578121940-1003\User: Group Policy restriction detected <======= ATTENTION

SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...119351&tsp=4930

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...119351&tsp=4930

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={345EEFE3-C4A6-48CB-B886-1EB7AA0FC137}&mid=4ba1fa16b57147d3aacbf1867657351a-2cbe18b840d333e81a7c8dbb65bfbe12f44b7b80&lang=en&ds=AVG&pr=pr&d=2013-07-01 11:56:23&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms} 

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

cmd: netsh winsock reset

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.2.0.8\avg.crx [2013-06-02]

R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-24] (AVG Secure Search)

2014-03-29 18:23 - 2014-03-29 18:23 - 00000000 ____D () C:\5e1876c3cb9b5f12525acddf8e27c2

2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Users\Dana\AppData\Local\SearchProtect

2014-03-29 18:16 - 2014-03-29 18:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

2014-03-24 09:58 - 2014-03-24 09:58 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-03-31 18:41 - 2013-03-02 15:55 - 00000000 ____D () C:\Program Files (x86)\Yontoo

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

Task: {E50FBEDA-AEF0-4005-9D95-A94B483E7959} - System32\Tasks\4553 => Wscript.exe C:\Users\Dana\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.3209 - AVG Technologies) Hidden

Task: {C5CF148C-D3C0-4DC9-B2B1-D888BC2839F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

End

 

*****************

 

[3696] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe => Process closed successfully.

C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.

[3804] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe => Process closed successfully.

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => No running process found

C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.

HKU\S-1-5-21-1411355380-1723163232-578121940-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.

C:\$Recycle.Bin\S-1-5-21-1411355380-1723163232-578121940-1001\$a2d8084dc4fd0a56dcb82a0e980e3c62 => Moved successfully.

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1411355380-1723163232-578121940-1003\User => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.

HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

 

=========  netsh winsock reset =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key deleted successfully.

C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.2.0.8\avg.crx => Moved successfully.

vToolbarUpdater18.0.5 => Service deleted successfully.

C:\5e1876c3cb9b5f12525acddf8e27c2 => Moved successfully.

C:\Users\Dana\AppData\Local\SearchProtect => Moved successfully.

C:\Program Files (x86)\SearchProtect => Moved successfully.

C:\ProgramData\AVG Secure Search => Moved successfully.

C:\Program Files (x86)\Yontoo => Moved successfully.

C:\Windows\system32\Drivers\etc\hosts => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E50FBEDA-AEF0-4005-9D95-A94B483E7959} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E50FBEDA-AEF0-4005-9D95-A94B483E7959} => Key deleted successfully.

C:\Windows\System32\Tasks\4553 => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4553 => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => Value not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => Value not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5CF148C-D3C0-4DC9-B2B1-D888BC2839F7} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5CF148C-D3C0-4DC9-B2B1-D888BC2839F7} => Key deleted successfully.

C:\Windows\System32\Tasks\0 => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

Edited by dsu1979, 01 April 2014 - 03:46 PM.

[pystryker]

Another update. . A restart of my computer and doing the Fixlist procedure it appears that Avg SafeGuard Toolbar is removed.

Good I put the AVG files and such in the fixlist to ensure removal of them just in case there is a problem when trying to uninstall it.

I had to reinstall chrome to remove Delta search, however the Avg SafeGuard Toolbar is not listed as an extension to delete it.

Ok, we'll make sure it's not in the new install of Chrome when I get some scans later on.

I try to uninstall AVG 2013 through add/remove programs and it doesn't do anything. If I try clicking to remove again I'm prompted to wait until the last program is uninstalled.

Try to uninstall it one more time. If we get the same results, AVG has a removal tool I'll provide that will remove it.

Please execute and post the logs from the remaining steps and we'll proceed.

[dsu1979]

Here is the information from  AdwCleaner:

 

# AdwCleaner v3.023 - Report created 01/04/2014 at 17:52:25

# Updated 01/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Dana - DANA-PC

# Running from : C:\Users\Dana\Desktop\adwcleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\AOL Toolbar

Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin

Folder Deleted : C:\Users\Dana\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Dana\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Dana\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Dana\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Dana\AppData\LocalLow\Delta

Folder Deleted : C:\Users\Dana\AppData\Roaming\DSite

Folder Deleted : C:\Users\Dana\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Joey\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Joey\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

File Deleted : C:\END

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\Dana\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage

File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\ae8fdbe23fba49

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\SocialBit

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\firstsearch

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Uniblue

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16521

 

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [11822 octets] - [01/04/2014 17:51:26]

AdwCleaner[S0].txt - [11680 octets] - [01/04/2014 17:52:25]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11741 octets] ##########

[pystryker]

Looking good, please post the last 2 logs at your convenience.

[dsu1979]

I started the TFC scan right after my last post. It's still going. I think this could be part of my problem. . There are an extremely high number of temporary files. I'll probably *hopefully* have that log in the morning and maybe the other depending on how long it takes for that one.

[pystryker]

I started the TFC scan right after my last post. It's still going. I think this could be part of my problem. . There are an extremely high number of temporary files. I'll probably *hopefully* have that log in the morning and maybe the other depending on how long it takes for that one.

 

That's perfectly fine   That TFC scan can take quite a while, and we need to get rid of all of them.  Post when ever is convenient for you, as we'll do this in a time frame that works best for you.

[dsu1979]

I'm glad I didn't wait up for it yo finish before I went to bed. It's still going! Hopefully it's done when I get home from work this evening.

[pystryker]

I'm glad I didn't wait up for it yo finish before I went to bed. It's still going! Hopefully it's done when I get home from work this evening.

 

[dsu1979]

Try this again.. I'm having trouble accessing the forums and posting my logs. I think I may be trying to post too much at once so I'll break it up.  I have the JRT.txt log as well as 2 TDSSKiller logs.  I only scanned once, but there are 2 logs in my file now.

 

JRT.txt log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x64

Ran by Dana on Tue 04/01/2014 at 18:04:08.89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1411355380-1723163232-578121940-1001\Software\sweetim

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\Users\Dana\appdata\local\best buy pc app"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 04/01/2014 at 18:16:25.71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~