infected - trouble connecting to internet


Hello! Thanks beforehand for your help.

I'm posting from my phone because my laptop is having a lot of trouble connecting to or staying connected to the internet. About two weeks ago I installed some Windows updates and my internet would no longer connect (about every 1-3 minutes shows that it's disconnected despite running fine on other computers). I thought the update was the problem and did a system restore, which seemed to work fine until last night. I've been struggling with this for a number of hours so hopefully I didn't mess anything up :/.

AVG found Trojan horse proxy.atqw, then with another scan found lots of win 32/Pepatch issues in a Panda Antivirus folder. Spybot S&D found oscardelta.toolbar and win32.downloader.Gen. Malwarebytes found pup.optional.conduit.A. Panda has not found anything. I also ran checkdisk which seemed to spend a lot of time doing nothing. I hear I'm not supposed to use more than one antivirus but when one didn't help I got carried away. Malwarebytes was only able to connect for updates after Spybot did its thing, and Spybot only connected after AVG removed that first trojan.

I'm running Windows 7 on a Toshiba Satellite. My laptop is mostly a glorified imgur viewer and I downloaded a Steam game two days ago - I have no idea where I would have picked up a virus.

I know the stickied thread says to run dds but I cannot get my computer to connect (it did connect to Dds.com but that was a dental site). Please help!


Hello and welcome.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

See if you can run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

You can d/l on a spare PC and save to USB stick (flashdrive) and transfer to sick PC if easier for you...


Sorry for the wait, long day at work!

Thanks again for the help!

I did use uTorrent with Demonoid at one point, but that's been quite a while ago and I'm pretty sure everything is gone :S. Probably could use some cleaning up.

Couldn't for the life of me get Addition.txt to upload (Upload Skipped, Error IO) so I will attach in the next post instead.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2013
Ran by Owner (administrator) on OWNER-PC on 02-12-2013 20:29:27
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [ufSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022368 2010-06-14] (Trend Micro Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] - C:\Program Files\ATT-SST\McciTrayApp.exe [3453440 2010-07-27] (Alcatel-Lucent)
HKLM-x32\...\Winlogon: [userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe [11857920 2011-04-03] (Electronic Arts)
HKCU\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\Owner\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=caa29c7d4c3247d3b1d6d16f2a88823e-965366a3d2573f498eff9201c0aee3840431226a /CMPID=1113a
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogOff] 0
MountPoints2: F - F:\AUTORUN.EXE
MountPoints2: {77dc9c82-c32a-11e0-9e6d-00266c6c6bcd} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [77824 2011-03-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-05-28] (Panda Security, S.L.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2420248 2013-12-01] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7F0E1C95-048A-4D69-8081-7761E4355052}&mid=caa29c7d4c3247d3b1d6d16f2a88823e-965366a3d2573f498eff9201c0aee3840431226a&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-01 20:53:51&v=17.1.2.1&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {DEA84515-0CAA-481A-8C7A-E8010F3B87D4} URL =
SearchScopes: HKCU - {F78C8B85-C6D8-4EF8-ACE8-0224FBBB95CA} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search


FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\searchplugins\utorrentcontrol2-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Weather Watcher Live - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\Extensions\weatherwatcherlive@singerscreations.com
FF Extension: WOT - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Green Fox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\Extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
FF Extension: noscript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.1.2.1\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Owner\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-05-28] (Panda Security, S.L.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-05-28] (Panda Security, S.L.)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [836504 2010-11-10] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-06-14] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-06-14] (Trend Micro Inc.)
R2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-12-01] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-12-01] (AVG Technologies)
S3 hitmanpro35; C:\windows\system32\drivers\hitmanpro36.sys [27424 2012-03-21] ()
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [91368 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [122088 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109288 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69864 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [119016 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [305896 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [118504 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [246504 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106216 2013-05-29] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [168680 2013-05-28] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122088 2013-05-28] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205544 2013-05-28] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-05-28] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [137448 2013-05-29] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-05-28] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-06-14] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: iviVD -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

2013-12-02 20:29 - 2013-12-02 20:30 - 00023253 _____ C:\Users\Owner\Downloads\FRST.txt
2013-12-02 20:29 - 2013-12-02 20:29 - 00000000 ____D C:\FRST
2013-12-02 20:28 - 2013-12-02 20:28 - 01959402 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-12-01 23:33 - 2013-12-01 23:33 - 00028954 _____ C:\Users\Owner\Desktop\dds.txt
2013-12-01 23:33 - 2013-12-01 23:33 - 00012016 _____ C:\Users\Owner\Desktop\attach.txt
2013-12-01 23:30 - 2013-12-01 23:30 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2013-12-01 22:02 - 2013-12-01 22:02 - 00771440 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-12-01 21:53 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2013-12-01 21:53 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2013-12-01 21:53 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2013-12-01 21:53 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2013-12-01 21:53 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2013-12-01 21:53 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-01 21:53 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-01 21:53 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2013-12-01 21:53 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2013-12-01 21:53 - 2012-08-23 07:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2013-12-01 21:53 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2013-12-01 21:53 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2013-12-01 21:53 - 2012-08-23 06:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2013-12-01 21:53 - 2012-08-23 05:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2013-12-01 21:53 - 2012-08-23 05:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2013-12-01 21:53 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2013-12-01 21:53 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2013-12-01 21:53 - 2012-08-23 04:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2013-12-01 21:53 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2013-12-01 21:53 - 2012-08-23 04:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2013-12-01 21:53 - 2012-08-23 04:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2013-12-01 21:53 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-12-01 21:53 - 2012-08-23 02:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2013-12-01 21:53 - 2012-08-23 02:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-12-01 20:54 - 2013-12-01 20:54 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
2013-12-01 20:54 - 2013-12-01 20:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2013-12-01 20:53 - 2013-12-01 20:54 - 00003740 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-01 20:53 - 2013-12-01 20:54 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-01 20:53 - 2013-12-01 20:53 - 00046368 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-12-01 20:53 - 2013-12-01 20:53 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-01 17:53 - 2013-12-01 18:36 - 00019985 _____ C:\Users\Owner\Desktop\avgrep.txt
2013-12-01 17:46 - 2013-12-01 17:46 - 00003624 ____N C:\bootsqm.dat
2013-12-01 01:56 - 2013-12-01 01:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 01:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-01 01:48 - 2013-12-01 02:33 - 00007598 _____ C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-12-01 01:39 - 2013-04-29 09:17 - 00058808 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2013-12-01 01:31 - 2012-05-04 05:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2013-12-01 01:31 - 2012-05-04 03:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2013-11-30 20:40 - 2013-11-30 20:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2014
2013-11-30 20:38 - 2013-11-30 20:38 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute
2013-11-30 20:38 - 2013-11-30 20:38 - 00000976 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-30 20:38 - 2013-11-30 20:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2013-11-30 20:37 - 2013-11-30 20:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ___HD C:\$AVG
2013-11-30 20:35 - 2013-11-30 20:35 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-30 20:23 - 2013-12-02 18:55 - 00000000 ____D C:\ProgramData\MFAData
2013-11-30 20:23 - 2013-11-30 20:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2014
2013-11-30 20:23 - 2013-11-30 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2013-11-28 18:51 - 2013-11-28 18:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\3909
2013-11-28 18:41 - 2013-11-28 18:41 - 00000222 _____ C:\Users\Owner\Desktop\Papers, Please.url
2013-11-21 10:22 - 2013-11-21 10:22 - 06244308 _____ C:\Users\Owner\Downloads\Chapter 17 - Reproduction.pptx
2013-11-20 12:26 - 2013-11-20 12:26 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-11-20 12:26 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2013-11-20 12:26 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2013-11-20 12:26 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2013-11-20 12:26 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2013-11-20 12:26 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2013-11-20 12:09 - 2013-11-20 12:26 - 00000000 __SHD C:\AI_RecycleBin
2013-11-20 12:07 - 2013-11-20 12:07 - 00000000 ____D C:\Users\Owner\AppData\Local\PackageAware
2013-11-20 12:03 - 2013-11-20 12:03 - 00002962 _____ C:\windows\System32\Tasks\{F24A88F9-D497-4999-8D1A-1B1DFA68570A}
2013-11-18 03:11 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-18 03:09 - 2013-11-18 03:09 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-18 03:09 - 2013-11-18 03:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-18 03:09 - 2013-11-18 03:09 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-18 03:09 - 2013-11-18 03:09 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-18 03:09 - 2013-11-18 03:09 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-18 03:09 - 2013-11-18 03:09 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-18 03:09 - 2013-11-18 03:09 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-18 03:09 - 2013-11-18 03:09 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-18 03:09 - 2013-11-18 03:09 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-18 03:09 - 2013-11-18 03:09 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-18 03:09 - 2013-11-18 03:09 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-18 03:06 - 2013-11-18 03:12 - 00007469 _____ C:\windows\IE11_main.log
2013-11-17 22:41 - 2013-12-01 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 22:29 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-17 22:29 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-17 22:26 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-17 22:26 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-17 22:26 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-17 22:26 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-17 22:26 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-17 22:26 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-17 22:26 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-17 22:25 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-17 22:25 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-17 22:25 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-17 22:25 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-17 22:25 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-17 22:25 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-17 22:25 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-17 22:25 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-17 22:25 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-17 22:25 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-17 22:25 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-17 22:25 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-17 22:25 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-17 22:25 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-17 22:24 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-17 22:24 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-17 22:24 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-17 22:24 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-17 22:24 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-17 22:24 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-17 22:24 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-07 10:22 - 2013-11-17 22:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ventrilo
2013-11-07 10:21 - 2013-11-07 10:21 - 00000882 _____ C:\Users\Public\Desktop\Ventrilo.lnk
2013-11-07 10:21 - 2013-11-07 10:21 - 00000268 _____ C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2013-11-07 10:21 - 2013-11-07 10:21 - 00000000 ____D C:\Program Files (x86)\Ventrilo
2013-11-05 21:55 - 2013-11-05 21:55 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2013-11-04 21:52 - 2013-11-04 21:52 - 00240920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys

==================== One Month Modified Files and Folders =======

2013-12-02 20:30 - 2013-12-02 20:29 - 00023253 _____ C:\Users\Owner\Downloads\FRST.txt
2013-12-02 20:29 - 2013-12-02 20:29 - 00000000 ____D C:\FRST
2013-12-02 20:28 - 2013-12-02 20:28 - 01959402 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-12-02 20:12 - 2012-08-15 17:06 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 18:55 - 2013-11-30 20:23 - 00000000 ____D C:\ProgramData\MFAData
2013-12-02 17:22 - 2010-05-24 22:58 - 01170464 _____ C:\windows\WindowsUpdate.log
2013-12-01 23:37 - 2009-07-13 23:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-01 23:33 - 2013-12-01 23:33 - 00028954 _____ C:\Users\Owner\Desktop\dds.txt
2013-12-01 23:33 - 2013-12-01 23:33 - 00012016 _____ C:\Users\Owner\Desktop\attach.txt
2013-12-01 23:30 - 2013-12-01 23:30 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2013-12-01 22:23 - 2009-07-13 22:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 22:23 - 2009-07-13 22:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 22:15 - 2013-06-05 00:04 - 00010748 _____ C:\windows\setupact.log
2013-12-01 22:15 - 2009-11-12 21:08 - 00555818 _____ C:\windows\PFRO.log
2013-12-01 22:15 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-01 22:13 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-01 22:02 - 2013-12-01 22:02 - 00771440 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-12-01 20:54 - 2013-12-01 20:54 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
2013-12-01 20:54 - 2013-12-01 20:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2013-12-01 20:54 - 2013-12-01 20:53 - 00003740 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-01 20:54 - 2013-12-01 20:53 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-01 20:54 - 2013-11-17 22:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-01 20:53 - 2013-12-01 20:53 - 00046368 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-12-01 20:53 - 2013-12-01 20:53 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-01 18:36 - 2013-12-01 17:53 - 00019985 _____ C:\Users\Owner\Desktop\avgrep.txt
2013-12-01 17:46 - 2013-12-01 17:46 - 00003624 ____N C:\bootsqm.dat
2013-12-01 02:43 - 2011-08-30 15:14 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-12-01 02:41 - 2010-06-14 19:11 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 02:33 - 2013-12-01 01:48 - 00007598 _____ C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-12-01 01:56 - 2013-12-01 01:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 01:41 - 2010-06-14 19:16 - 00119664 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-01 01:38 - 2009-07-13 22:45 - 00520592 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-01 01:20 - 2012-03-17 14:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-30 20:46 - 2013-11-30 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2014
2013-11-30 20:40 - 2013-11-30 20:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2014
2013-11-30 20:38 - 2013-11-30 20:38 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute
2013-11-30 20:38 - 2013-11-30 20:38 - 00000976 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-30 20:38 - 2013-11-30 20:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2013-11-30 20:38 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ___HD C:\$AVG
2013-11-30 20:35 - 2013-11-30 20:35 - 00000000 ____D C:\Program Files (x86)\AVG
2013-11-30 20:23 - 2013-11-30 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2013-11-30 20:16 - 2010-06-14 19:11 - 00000000 ____D C:\Users\Owner
2013-11-30 20:14 - 2013-07-15 09:21 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-30 20:14 - 2013-06-02 18:54 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-30 20:14 - 2012-03-17 14:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-30 20:14 - 2010-06-14 23:32 - 00000000 ____D C:\Program Files\Trend Micro
2013-11-30 20:14 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2013-11-30 20:14 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration
2013-11-30 20:13 - 2011-02-20 19:00 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-30 20:13 - 2010-06-14 23:32 - 00000000 ____D C:\ProgramData\Trend Micro
2013-11-28 18:51 - 2013-11-28 18:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\3909
2013-11-28 18:41 - 2013-11-28 18:41 - 00000222 _____ C:\Users\Owner\Desktop\Papers, Please.url
2013-11-28 04:19 - 2013-07-15 09:21 - 00000000 ____D C:\Users\Owner\AppData\Local\PMB Files
2013-11-26 10:33 - 2013-08-20 22:50 - 00000000 ____D C:\Users\Owner\Documents\Human Phys
2013-11-21 23:13 - 2009-07-13 23:08 - 00032626 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-21 10:22 - 2013-11-21 10:22 - 06244308 _____ C:\Users\Owner\Downloads\Chapter 17 - Reproduction.pptx
2013-11-20 12:26 - 2013-11-20 12:26 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-11-20 12:26 - 2013-11-20 12:09 - 00000000 __SHD C:\AI_RecycleBin
2013-11-20 12:26 - 2013-07-15 09:24 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-11-20 12:14 - 2012-06-08 23:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 12:08 - 2010-05-24 23:33 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-20 12:08 - 2010-05-24 23:33 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-20 12:07 - 2013-11-20 12:07 - 00000000 ____D C:\Users\Owner\AppData\Local\PackageAware
2013-11-20 12:03 - 2013-11-20 12:03 - 00002962 _____ C:\windows\System32\Tasks\{F24A88F9-D497-4999-8D1A-1B1DFA68570A}
2013-11-18 22:52 - 2011-11-13 03:33 - 00000544 _____ C:\Users\Owner\Desktop\TV.txt
2013-11-18 18:40 - 2010-06-14 19:14 - 00001428 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-18 16:46 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2013-11-18 03:12 - 2013-11-18 03:06 - 00007469 _____ C:\windows\IE11_main.log
2013-11-18 03:09 - 2013-11-18 03:09 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-18 03:09 - 2013-11-18 03:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-18 03:09 - 2013-11-18 03:09 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-18 03:09 - 2013-11-18 03:09 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-18 03:09 - 2013-11-18 03:09 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-18 03:09 - 2013-11-18 03:09 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-18 03:09 - 2013-11-18 03:09 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-18 03:09 - 2013-11-18 03:09 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-18 03:09 - 2013-11-18 03:09 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-18 03:09 - 2013-11-18 03:09 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-18 03:09 - 2013-11-18 03:09 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-18 03:09 - 2013-11-18 03:09 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-18 03:09 - 2013-11-18 03:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-18 03:05 - 2013-08-14 02:02 - 00000000 ____D C:\windows\system32\MRT
2013-11-18 03:02 - 2010-06-14 22:18 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-17 22:43 - 2013-02-27 00:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-17 22:09 - 2013-11-07 10:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ventrilo
2013-11-17 22:09 - 2009-07-13 21:20 - 00000000 __RSD C:\windows\Media
2013-11-17 22:09 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-17 22:09 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-17 22:08 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-17 22:01 - 2013-03-06 19:56 - 00000000 __RHD C:\MSOCache
2013-11-10 19:16 - 2009-11-12 20:49 - 00000000 ____D C:\ProgramData\Adobe
2013-11-10 19:15 - 2010-06-14 20:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2013-11-07 10:21 - 2013-11-07 10:21 - 00000882 _____ C:\Users\Public\Desktop\Ventrilo.lnk
2013-11-07 10:21 - 2013-11-07 10:21 - 00000268 _____ C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2013-11-07 10:21 - 2013-11-07 10:21 - 00000000 ____D C:\Program Files (x86)\Ventrilo
2013-11-05 21:55 - 2013-11-05 21:55 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2013-11-04 21:52 - 2013-11-04 21:52 - 00240920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe
C:\Users\Owner\AppData\Local\Temp\VP6Install.exe
C:\Users\Owner\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-11-30 00:18

==================== End Of Log ============================


Addition.txt (since it won't attach)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2013
Ran by Owner at 2013-12-02 20:30:54
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Panda Cloud Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Trend Micro AntiVirus (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Panda Cloud Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Trend Micro AntiVirus (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144)
AT&T Troubleshoot & Resolve Tool (x32)
ATI Catalyst Install Manager (Version: 3.0.732.0)
att.net Internet Mail (x32)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
AVG SafeGuard toolbar (x32 Version: 17.1.2.1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827)
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827)
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827)
CCC Help Czech (x32 Version: 2009.0729.2237.38827)
CCC Help Danish (x32 Version: 2009.0729.2237.38827)
CCC Help Dutch (x32 Version: 2009.0729.2237.38827)
CCC Help English (x32 Version: 2009.0729.2237.38827)
CCC Help Finnish (x32 Version: 2009.0729.2237.38827)
CCC Help French (x32 Version: 2009.0729.2237.38827)
CCC Help German (x32 Version: 2009.0729.2237.38827)
CCC Help Greek (x32 Version: 2009.0729.2237.38827)
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827)
CCC Help Italian (x32 Version: 2009.0729.2237.38827)
CCC Help Japanese (x32 Version: 2009.0729.2237.38827)
CCC Help Korean (x32 Version: 2009.0729.2237.38827)
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827)
CCC Help Polish (x32 Version: 2009.0729.2237.38827)
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827)
CCC Help Russian (x32 Version: 2009.0729.2237.38827)
CCC Help Spanish (x32 Version: 2009.0729.2237.38827)
CCC Help Swedish (x32 Version: 2009.0729.2237.38827)
CCC Help Thai (x32 Version: 2009.0729.2237.38827)
CCC Help Turkish (x32 Version: 2009.0729.2237.38827)
ccc-core-static (x32 Version: 2009.0729.2238.38827)
ccc-utility64 (Version: 2009.0729.2238.38827)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
EA Download Manager (x32 Version: 7.3.7.4)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Last.fm 1.5.4.27091 (x32)
League of Legends (x32 Version: 3.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4551.1005)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Panda Cloud Antivirus (Version: 6.02.00.0000)
Panda Cloud Antivirus (x32 Version: 2.1.0)
Pando Media Booster (x32 Version: 2.6.0.7)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerISO (x32 Version: 4.7)
QuickTime (x32)
Realtek Ethernet Controller  Driver (x32 Version: 1.00.0008)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101)
Realtek WLAN Driver (x32 Version: 2.00.0006)
Respondus LockDown Browser (x32 Version: 1.02.0001)
Roll (x32)
Roxio Burn (x32 Version: 1.2)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Roxio Burn (x32 Version: 1.0.0)
Roxio Update Manager (x32 Version: 6.0.0)
Skype™ 6.3 (x32 Version: 6.3.107)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
The Rosetta Stone (x32)
The Sims™ 2 Best of Business Collection (x32)
The Sims™ 2 Double Deluxe (x32)
Ticket to Ride (x32)
TOSHIBA Application Installer (x32 Version: 9.0.1.0)
TOSHIBA Assist (x32 Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64)
TOSHIBA ConfigFree (x32 Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.7.64)
TOSHIBA eco Utility (x32 Version: 1.1.7.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Face Recognition (Version: 3.1.0.64)
TOSHIBA Face Recognition (x32 Version: 3.1.0.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.11)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0)
TOSHIBA Media Controller (x32 Version: 1.0.65)
TOSHIBA PC Health Monitor (Version: 1.4.1.64)
TOSHIBA Quality Application (x32 Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA ReelTime (x32 Version: 1.5.07.64)
TOSHIBA Service Station (x32 Version: 2.1.33)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 2.00.09)
TOSHIBA Value Added Package (Version: 1.2.26.64)
TOSHIBA Value Added Package (x32 Version: 1.2.26.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.4)
ToshibaRegistration (x32 Version: 1.0.3)
Trend Micro AntiVirus (Version: 17.50)
Ventrilo Client (x32 Version: 3.0.8)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR archiver
Zuse version 1.9.7.3 (x32)

==================== Restore Points  =========================

28-11-2013 00:29:21 Scheduled Checkpoint
01-12-2013 02:08:32 Restore Operation
01-12-2013 02:35:11 Installed AVG 2014
01-12-2013 02:36:03 Installed AVG 2014
01-12-2013 07:31:54 Windows Update
01-12-2013 08:35:38 Removed OpenOffice.org 3.3
01-12-2013 08:40:11 Removed OpenOffice.org 3.3
02-12-2013 03:52:11 Windows Update

==================== Hosts content: ==========================

2012-03-17 15:35 - 2012-03-17 15:35 - 00440651 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0FFC50A5-C6F9-4A40-978E-628D88F13A3D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {432A6231-169F-4E5C-82B8-4AC3C3490B80} - System32\Tasks\{F24A88F9-D497-4999-8D1A-1B1DFA68570A} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {4B784642-ABD2-45BD-8B7D-29316E2EB799} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-17] (Microsoft Corporation)
Task: {90306845-C7E2-4A05-832F-A006169DF8E4} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {A0AD49F3-0D9E-4A7F-A7A4-1527E45E7B9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-17] (Microsoft Corporation)
Task: {D03E94FF-E210-4D34-B732-5D5211C3B175} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-17 22:32 - 2013-11-17 22:32 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-01-25 01:16 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-12 20:46 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-01-30 19:11 - 2009-01-30 19:11 - 01091072 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
2009-01-30 19:10 - 2009-01-30 19:10 - 01043456 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
2009-01-30 19:11 - 2009-01-30 19:11 - 07861248 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
2009-08-03 20:18 - 2009-08-03 20:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-12-01 20:53 - 2013-12-01 20:53 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
2013-12-01 20:53 - 2013-12-01 20:53 - 00142360 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2013-11-17 22:42 - 2013-11-17 22:42 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-17 22:33 - 2013-11-17 22:33 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-03-17 14:42 - 2008-06-19 16:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2012-03-17 14:42 - 2008-03-04 13:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2012-03-17 14:42 - 2008-03-05 08:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2012-03-17 14:42 - 2008-02-26 10:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2012-03-17 14:42 - 2007-12-24 00:05 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2013 04:34:59 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/01/2013 10:04:31 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (12/01/2013 09:55:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/01/2013 06:38:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgscana.exe, version: 14.0.0.4110, time stamp: 0x5213dd87
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x6f8
Faulting application start time: 0xavgscana.exe0
Faulting application path: avgscana.exe1
Faulting module path: avgscana.exe2
Report Id: avgscana.exe3

Error: (12/01/2013 03:11:15 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3bd8

Start Time: 01ceeed93fa80b32

Termination Time: 28

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 17dc40ab-5acd-11e3-a7e7-00266c6c6bcd

Error: (12/01/2013 02:13:27 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/01/2013 02:05:10 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b30

Start Time: 01ceee6aec122f7d

Termination Time: 17

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 0d06cfcb-5a5f-11e3-a7e7-00266c6c6bcd

Error: (12/01/2013 01:32:15 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service CloudAvUpdater2 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/30/2013 07:05:38 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/30/2013 00:32:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (12/02/2013 01:42:14 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9AB3FE4-9662-4302-9DCA-1BEDBF828F5E} because another computer on the network has the same name.  The server could not start.

Error: (12/02/2013 01:38:31 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9AB3FE4-9662-4302-9DCA-1BEDBF828F5E} because another computer on the network has the same name.  The server could not start.

Error: (12/01/2013 11:28:00 PM) (Source: Service Control Manager) (User: )
Description: The Panda Cloud Antivirus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/01/2013 10:15:08 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/01/2013 10:15:08 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/01/2013 08:57:01 PM) (Source: Service Control Manager) (User: )
Description: The Panda Cloud Antivirus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/01/2013 08:27:47 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/01/2013 08:27:47 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/01/2013 05:50:51 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/01/2013 05:50:10 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/02/2013 04:34:59 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/01/2013 10:04:31 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (12/01/2013 09:55:54 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/01/2013 06:38:02 PM) (Source: Application Error)(User: )
Description: avgscana.exe14.0.0.41105213dd87ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e86f801ceeef083d95b9bC:\Program Files (x86)\AVG\AVG2014\avgscana.exeC:\windows\SYSTEM32\ntdll.dllff7162d2-5ae9-11e3-ad8f-ea9362172473

Error: (12/01/2013 03:11:15 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.13bd801ceeed93fa80b3228C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe17dc40ab-5acd-11e3-a7e7-00266c6c6bcd

Error: (12/01/2013 02:13:27 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/01/2013 02:05:10 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.11b3001ceee6aec122f7d17C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe0d06cfcb-5a5f-11e3-a7e7-00266c6c6bcd

Error: (12/01/2013 01:32:15 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service CloudAvUpdater2 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (11/30/2013 07:05:38 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (11/30/2013 00:32:36 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3836.17 MB
Available physical RAM: 1556.79 MB
Total Pagefile: 7670.52 MB
Available Pagefile: 5084.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:24.01 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: D6CF2304)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================


Thanks for the logs. One issue that will need attention soon is your security setup: having more than one system with an AV component is bad news. Decide which one you prefer and UNinstall the other two. You have AVG, TrendMicro and Panda.

 

For now run the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

Post the produced logs...

 

fixlist.txt


At "removing services and drivers" of the Trend uninstall, the screen flashed a few times and I got a "Setup Program Interrupted" message. So I guess that one's not going anywhere :/. It has been deactivated for some time anyway - came with the computer but I never upgraded when the free trial expired.

Could not get Malwarebytes to update. It would stick for a few minutes on the update screen, then give me a "0,0 host not found" error. It was last updated 12/01/13 so I ran it anyway (I don't recall how I got it to update yesterday). It detected one object - "PUP.Optional.Conduit.A". After removing that, it did connect to the internet and update successfully. No additional items were found.

FRST fixlog below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2013
Ran by Owner at 2013-12-03 08:21:44 Run:1
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {DEA84515-0CAA-481A-8C7A-E8010F3B87D4} URL =
SearchScopes: HKCU - {F78C8B85-C6D8-4EF8-ACE8-0224FBBB95CA} URL =
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
C:\Windows\System32\DRIVERS\tmpreflt.sys
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
NETSVC: iviVD -> No ServiceDLL Path
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe
C:\Users\Owner\AppData\Local\Temp\VP6Install.exe
C:\Users\Owner\AppData\Local\Temp\VP6VFW.dll
DeleteJunctionsIndirectory: C:\Windows\system64
End



*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DEA84515-0CAA-481A-8C7A-E8010F3B87D4} => Key deleted successfully.
HKCR\CLSID\{DEA84515-0CAA-481A-8C7A-E8010F3B87D4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F78C8B85-C6D8-4EF8-ACE8-0224FBBB95CA} => Key deleted successfully.
HKCR\CLSID\{F78C8B85-C6D8-4EF8-ACE8-0224FBBB95CA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
tmpreflt => Service not found.
"C:\Windows\System32\DRIVERS\tmpreflt.sys" => File/Directory not found.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs iviVD => Deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\VP6Install.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\VP6VFW.dll => Moved successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

Link to post
Share on other sites
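As an added example (not part of the thread and not FRST's own code), the Fixlog posted above can be checked mechanically: the sketch below pairs each Winsock `LibraryPath` correction requested in the fixlist with its "was set successfully" result, and lists the targets FRST reported as not found. The function name `parse_fixlog` and the regular expressions are assumptions based only on the line shapes visible in this log; the sample is constructed from a subset of its lines.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines from the Fixlog posted above.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Start
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe
End
*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
tmpreflt => Service not found.
"C:\Windows\System32\DRIVERS\tmpreflt.sys" => File/Directory not found.
MREMPR5 => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\rootsupd.exe => Moved successfully.

==== End of Fixlog ====
'''

# Line shapes assumed from the log above, not from any FRST specification.
WANTED = re.compile(r'^Winsock: (Catalog5(?:-x64)?) (\d+) .*LibraryPath should be "([^"]+)"')
SET_OK = re.compile(r'^Winsock: (Catalog5(?:-x64)?) entry (\d+)\\\\LibraryPath\s+was set successfully to (\S+)')
RESULT = re.compile(r'^"?(.+?)"? => (.+)$')


def parse_fixlog(text):
    """Summarise a Fixlog: outcome counts, not-found targets, Winsock repairs."""
    wanted, applied = {}, {}
    outcomes, not_found = Counter(), []
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Start":
            section = "request"          # the fixlist echoed back by the tool
        elif line == "End":
            section = "result"           # per-item results follow
        elif line.startswith("==== End of Fixlog"):
            break
        elif section == "request" and (m := WANTED.match(line)):
            wanted[(m[1], int(m[2]))] = m[3]
        elif section == "result" and (m := SET_OK.match(line)):
            applied[(m[1], int(m[2]))] = m[3]
            outcomes["ok"] += 1
        elif section == "result" and (m := RESULT.match(line)):
            status = m[2].lower()
            kind = ("not_found" if "not found" in status
                    else "ok" if "successfully" in status else "other")
            outcomes[kind] += 1
            if kind == "not_found":
                not_found.append(m[1])
    # A repair counts only if the path written equals the path requested
    # (Windows paths compare case-insensitively).
    winsock = {key: applied.get(key, "").lower() == path.lower()
               for key, path in wanted.items()}
    return {"outcomes": outcomes, "not_found": not_found, "winsock": winsock}


if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(report["outcomes"]), report["not_found"], report["winsock"])
```

A `False` value in the `winsock` map means a requested catalog entry has no matching confirmation in the results and should be re-checked before the tool is removed.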

Adwcleaner log below.

 

# AdwCleaner v3.014 - Report created 03/12/2013 at 20:17:56
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Partner Service
Service Deleted : vToolbarUpdater17.1.2

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\ConduitCommon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\Smartbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64fi9gbw.default\prefs.js ]

Line Deleted : user_pref("CT3072253_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385958468125,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl2 Customized Web Search");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3072253");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Line Deleted : user_pref("smartbar.machineId", "3IK5RHRXEK8SLPGBPW4XOCSDZ6WMYLQVUJ7XTGI+NFEPULAA7OL5++XZB31NPI0NBKCN/4BFXQEMBJLQ1PKJFG");

*************************

AdwCleaner[R0].txt - [9264 octets] - [03/12/2013 20:11:06]
AdwCleaner[s0].txt - [9184 octets] - [03/12/2013 20:17:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9244 octets] ##########

Link to post
Share on other sites

Having old security systems on your system can give problems; even when not in use, there are drivers that will be running. The best option is always to fully uninstall them and remove all traces...

 

Trend Micro have specific removal tools for different versions, go here: http://esupport.trendmicro.com/Pages/How-do-I-remove-old-or-new-versions-of-Trend-Micro-products-in-my-comp.aspx then download and run the tool for your version.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report in next reply

 

Finally,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin

Link to post
Share on other sites

Computer is running SO much better! Wow! Thank you so much :).

 

Got Trend uninstalled. ESET found no threats.

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

That is good news, just what we like to hear, we continue:

 

We need to remove FRST. First, it is very important to deal with its Quarantine folder using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action; delete it if successful.

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, then navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe (unless you want to keep it)

 

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at "Would you like to Uninstall Adwcleaner"

 

Next,

 

Delete Security Check and any produced logs.

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully."

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete, also if any remaining issues or concerns...

 

Finally,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

 

fixlist.txt

Link to post
Share on other sites
