
Ran Malwarebytes now network connection but no internet connection



Hello, I'm trying to save my Daughter's Boyfriend's computer so he can use it for college. I ran Malwarebytes and it came up with 2000+ PUP items. I managed to quarantine the items instead of following my tendency to automatically delete everything, so, hopefully I can restore them if I need to as I see by reading other posts that I've been jumping around the removal process with really no rhyme or reason. The quarantine cut off internet access to his machine, but it will connect to home network. Since the scan I've also uninstalled some programs and updated his Windows 7 with Windows Update, which still connects for some reason. I've decided to ask for help before I get too out of hand with my haphazard procedure. I will do nothing further until instructed by you. Thank you very much for your time and effort, here are my FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Elvita (administrator) on ELVITA-HP on 19-05-2014 07:41:47
Running from C:\Users\Elvita\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Facebook Inc.) C:\Users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1956058397-3388249811-2426527803-1000\...\Run: [Facebook Update] => C:\Users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-11] (Facebook Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => "c:\progra~2\optimi~1\optpro~1.dll" File Not Found
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-514&v=n9854-158&t=4
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll No File
Winsock: Catalog9 01 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 15 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Tcpip\Parameters: [DhcpNameServer] 69.145.232.30 69.144.49.28 69.146.17.5
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll No File
FF Plugin-x32: @ei.Retrogamer_4w.com/Plugin - C:\Program Files (x86)\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: TorchVLC - C:\Users\Elvita\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elvita\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: No Name - C:\Users\Elvita\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-11-24]
FF Extension: HDvid Codec 3 - C:\Users\Elvita\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc3@hdvidcodec.com.xpi [2013-06-30]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo [2013-11-19]
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimjncgpflkpkhbnnblhblobjjjhjhd [2014-02-05]
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [2013-10-26]
 
==================== Services (Whitelisted) =================
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [X]
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-23] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-19 07:41 - 2014-05-19 07:42 - 00019560 _____ () C:\Users\Elvita\Desktop\FRST.txt
2014-05-19 07:39 - 2014-05-19 07:41 - 00000000 ____D () C:\FRST
2014-05-19 07:35 - 2014-05-18 22:09 - 02067456 _____ (Farbar) C:\Users\Elvita\Desktop\FRST64.exe
2014-05-18 19:13 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-05-18 19:13 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-05-18 19:13 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-05-18 19:13 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-05-18 19:03 - 2014-05-18 19:03 - 00770556 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-18 18:55 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-18 18:47 - 2014-05-18 18:47 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-18 18:47 - 2014-05-18 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-18 18:47 - 2014-05-18 18:47 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 18:44 - 2014-05-18 18:56 - 00007945 _____ () C:\Windows\IE11_main.log
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-18 16:46 - 2014-02-06 19:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-18 15:55 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-18 15:55 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-18 15:55 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-18 15:55 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-18 15:55 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-18 15:55 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-05-18 15:55 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-05-18 15:55 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-05-18 15:55 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-05-18 15:55 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-05-18 15:55 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-05-18 15:55 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-05-18 15:55 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-05-18 15:54 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-18 15:54 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-05-18 15:54 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-05-18 15:54 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-05-18 15:54 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-05-18 15:54 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-05-18 15:54 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-18 15:54 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-05-18 15:51 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-05-18 15:51 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-18 15:51 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-05-18 15:51 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-05-18 15:51 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-05-18 15:51 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-05-18 15:51 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-18 15:51 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-18 15:50 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-18 15:50 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-18 15:50 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-18 15:50 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-18 15:50 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-18 15:50 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-18 15:50 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-18 15:50 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-18 15:50 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-18 15:49 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-18 15:49 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-18 15:49 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-18 15:49 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-18 15:49 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-18 15:49 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-18 15:49 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-18 15:49 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-18 15:49 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-18 15:49 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-18 15:49 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-18 15:49 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-18 15:49 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-18 15:49 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-18 15:49 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-18 15:49 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-18 15:49 - 2014-02-03 20:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-18 15:49 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-18 15:49 - 2014-02-03 20:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-05-18 15:49 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-18 15:49 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-18 15:49 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-18 15:49 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-18 15:49 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-18 15:49 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-18 15:49 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-18 15:42 - 2014-02-03 20:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-05-18 15:42 - 2014-02-03 20:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-05-18 15:42 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-18 15:42 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-18 15:42 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-05-18 15:42 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-05-18 15:42 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-18 15:42 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-18 15:42 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-05-18 15:42 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\inetpub
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieUserList
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieSiteList
2014-05-17 21:29 - 2014-05-17 21:29 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\InstallShield
2014-05-17 21:22 - 2014-05-18 17:55 - 00000000 ____D () C:\Windows\pss
2014-05-17 20:39 - 2014-05-18 19:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 18:05 - 2014-05-18 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 18:05 - 2014-05-17 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:05 - 2014-05-17 18:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 18:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 18:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 18:05 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 18:03 - 2014-05-17 18:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elvita\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 17:49 - 2014-05-17 17:49 - 00000000 ____D () C:\Users\Elvita\AppData\Local\BrowserSafeguard
 
==================== One Month Modified Files and Folders =======
 
2014-05-19 07:42 - 2014-05-19 07:41 - 00019560 _____ () C:\Users\Elvita\Desktop\FRST.txt
2014-05-19 07:41 - 2014-05-19 07:39 - 00000000 ____D () C:\FRST
2014-05-19 07:41 - 2013-10-26 12:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 07:34 - 2009-07-13 23:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 07:33 - 2014-01-01 05:17 - 00003876 _____ () C:\Windows\setupact.log
2014-05-19 07:26 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 07:26 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 07:22 - 2012-01-27 12:45 - 01184985 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 07:18 - 2013-10-26 12:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 07:18 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 23:50 - 2013-09-11 17:45 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job
2014-05-18 23:50 - 2013-09-01 14:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 22:09 - 2014-05-19 07:35 - 02067456 _____ (Farbar) C:\Users\Elvita\Desktop\FRST64.exe
2014-05-18 19:48 - 2013-08-31 18:02 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA0E8969-9015-46E9-8B94-C60B6C5B2B90}
2014-05-18 19:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-18 19:28 - 2013-08-31 18:02 - 00001417 _____ () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 19:28 - 2013-08-31 18:02 - 00000000 ___RD () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 19:28 - 2013-08-31 18:02 - 00000000 ___RD () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 19:28 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-18 19:24 - 2013-09-03 20:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-18 19:24 - 2013-09-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-18 19:24 - 2010-11-20 21:47 - 01726578 _____ () C:\Windows\PFRO.log
2014-05-18 19:24 - 2009-07-13 22:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-18 19:21 - 2014-05-17 20:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-18 19:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-18 19:03 - 2014-05-18 19:03 - 00770556 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-18 18:56 - 2014-05-18 18:44 - 00007945 _____ () C:\Windows\IE11_main.log
2014-05-18 18:47 - 2014-05-18 18:47 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-18 18:47 - 2014-05-18 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-18 18:47 - 2014-05-18 18:47 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-18 18:37 - 2013-10-15 21:06 - 00000000 ____D () C:\ProgramData\Skype
2014-05-18 18:26 - 2013-09-01 13:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-18 18:26 - 2013-09-01 13:56 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-18 18:26 - 2013-09-01 13:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-18 18:26 - 2013-09-01 13:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-18 18:15 - 2013-08-31 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-18 18:09 - 2013-08-31 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-18 18:04 - 2013-09-03 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-18 17:55 - 2014-05-17 21:22 - 00000000 ____D () C:\Windows\pss
2014-05-18 17:50 - 2013-09-11 17:45 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job
2014-05-18 17:50 - 2013-09-02 17:18 - 00000000 ____D () C:\Users\Elvita\AppData\Local\CrashDumps
2014-05-18 17:48 - 2013-08-31 18:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForElvita.job
2014-05-18 17:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 17:28 - 2013-08-31 18:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForElvita
2014-05-18 17:28 - 2013-08-31 17:58 - 00000000 ____D () C:\Users\Elvita
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-18 15:23 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 15:23 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-18 15:23 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 15:23 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 15:23 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 15:23 - 2013-12-19 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-18 15:23 - 2013-12-19 20:31 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-18 15:23 - 2013-12-19 20:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-18 15:23 - 2013-12-11 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-18 15:23 - 2013-11-24 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-05-18 15:23 - 2013-11-24 15:08 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-05-18 15:23 - 2013-11-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Internet Explorer 10
2014-05-18 15:23 - 2013-11-12 21:07 - 00000000 ____D () C:\Program Files (x86)\Download Internet Explorer 10
2014-05-18 15:23 - 2013-10-26 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 15:23 - 2013-10-26 12:24 - 00000000 ____D () C:\Users\Elvita\AppData\Local\Google
2014-05-18 15:23 - 2013-10-26 12:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 15:23 - 2012-01-27 12:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-18 15:23 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-05-18 15:23 - 2011-07-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Roxio
2014-05-18 15:23 - 2011-07-12 21:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-18 15:23 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 15:23 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-18 15:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-18 15:22 - 2012-01-27 13:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-05-18 15:09 - 2012-01-27 12:45 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-18 15:09 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-18 15:09 - 2011-07-12 21:24 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\inetpub
2014-05-18 13:15 - 2014-03-23 14:39 - 00000000 ____D () C:\Users\Elvita\Documents\Optimizer Pro
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieUserList
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieSiteList
2014-05-17 21:29 - 2014-05-17 21:29 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\InstallShield
2014-05-17 20:56 - 2013-11-24 15:08 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\Open Download Manager
2014-05-17 18:45 - 2014-03-23 14:32 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-17 18:44 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Users\Elvita\AppData\Local\Conduit
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Program Files\Conduit
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-05-17 18:38 - 2013-11-24 15:12 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\52926c31e56da1a935000c10
2014-05-17 18:38 - 2013-11-06 02:58 - 00000000 ____D () C:\ProgramData\Wincert
2014-05-17 18:38 - 2013-11-06 02:57 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-05-17 18:34 - 2013-11-06 18:25 - 00000000 ____D () C:\ProgramData\Big Fish
2014-05-17 18:34 - 2013-11-06 18:07 - 00000000 ____D () C:\BigFishCache
2014-05-17 18:10 - 2014-05-17 18:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:05 - 2014-05-17 18:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 18:03 - 2014-05-17 18:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elvita\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 17:49 - 2014-05-17 17:49 - 00000000 ____D () C:\Users\Elvita\AppData\Local\BrowserSafeguard
2014-05-15 01:19 - 2013-09-15 15:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-15 01:19 - 2013-09-01 13:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-09 00:14 - 2014-05-18 15:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-18 15:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 17:12 - 2013-08-31 19:05 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-01 00:15 - 2013-08-31 18:13 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForELVITA-HP$
2014-05-01 00:15 - 2013-08-31 18:13 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForELVITA-HP$.job
 
Some content of TEMP:
====================
C:\Users\Elvita\AppData\Local\Temp\avgnt.exe
C:\Users\Elvita\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elvita\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\Elvita\AppData\Local\Temp\D2M-Precheck.exe
C:\Users\Elvita\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Elvita\AppData\Local\Temp\Impressioner.exe
C:\Users\Elvita\AppData\Local\Temp\installer.exe
C:\Users\Elvita\AppData\Local\Temp\Installer_cr.exe
C:\Users\Elvita\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Elvita\AppData\Local\Temp\ose00000.exe
C:\Users\Elvita\AppData\Local\Temp\sp64126.exe
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite15273.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite18194.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite20847.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite28714.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite29109.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite38244.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite39623.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite46028.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite55467.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite63341.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite68484.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite70482.dll
C:\Users\Elvita\AppData\Local\Temp\System.Data.SQLite87033.dll
C:\Users\Elvita\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Elvita\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Elvita\AppData\Local\Temp\WindowShopper.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-18 15:50] - [2014-03-04 03:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-18 12:28
 
==================== End Of Log ============================
 
 

Continuing Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Elvita at 2014-05-19 07:43:10
Running from C:\Users\Elvita\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4259 - AVG Technologies)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.0.5.292 - AVG Technologies)
Avira (HKLM-x32\...\{628220ce-1d5b-48fe-8fc8-73b111141180}) (Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5197.30752 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version:  - Microsoft)
Download Internet Explorer 10 10.0.01 (HKLM-x32\...\{D745D5CB-3FF0-4066-A7A8-418E25DF3FE0}_is1) (Version: 10.0.01 - Download Internet Explorer 10)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{5E63C0AB-19B0-47D4-842E-6B324EB0614B}) (Version: 4.1.23.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Torch (HKCU\...\Torch) (Version: 29.0.0.6058 - Torch Media, Inc) <==== ATTENTION
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
18-05-2014 23:59:55 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {051B6369-2C34-45D9-A7F2-23C101486CB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {109E3145-B548-4A04-AAF3-4E1DFA709C4C} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: {1ABA8A41-577E-418B-ADF6-D328E02B5E4A} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
Task: {1CE40254-AC10-48F1-B930-0DE858BA38B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {1E547AA5-C590-4D30-AB20-245BFEB547EC} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {21AA18BC-146B-43F3-AB52-AE28A32A9836} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3124465C-96E6-488A-9082-2CFD21AA4E96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26] (Google Inc.)
Task: {3420C19F-343E-46E0-AB58-BA2B6168D85B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {47DFA771-0471-48BD-A69D-16FEE4FBD434} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {4B88C8A9-1B6F-4D26-957B-269FDF01EF90} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: {5769CB5F-5339-487E-A16E-877BFAF95DBF} - System32\Tasks\HDvid Codec V1-enabler => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe <==== ATTENTION
Task: {6C526D56-D63E-4451-8014-BCB4CFF050EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {7041661E-1184-46C5-8CC9-E0118D2380FA} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: {7A91F8DE-CDB8-4FCF-B1C9-2EA92F2FE60D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {7DC7D6A2-8EAB-400E-AEC4-4F72A981F1B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21] (Adobe Systems Incorporated)
Task: {8D233275-F528-4624-BCD3-39B18BF647FB} - System32\Tasks\HDvid Codec V1-updater => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe <==== ATTENTION
Task: {9BC27759-1912-43C9-A166-C136AE704C7B} - System32\Tasks\HDvid Codec V1-codedownloader => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe <==== ATTENTION
Task: {AC5F7650-95A9-47ED-9951-F7FA000826CC} - System32\Tasks\HPCeeScheduleForELVITA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B2A0E9F7-B7DC-4C1E-BBF7-6C04D8D6275A} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION
Task: {B5DE9803-16CB-4789-8165-142E2B358626} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA => C:\Users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11] (Facebook Inc.)
Task: {CABDEC80-3367-48AC-8EE5-D8F3F8880131} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26] (Google Inc.)
Task: {D3CEE00D-D3BD-4B0B-823E-AF336857A2EF} - System32\Tasks\HPCeeScheduleForElvita => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D448A72F-5F45-4B60-AF31-82CCDF5E4F9F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core => C:\Users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job => C:\Users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job => C:\Users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForELVITA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForElvita.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-18 19:56 - 2014-05-18 19:56 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2012-01-27 12:45 - 2010-09-13 20:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:1663E41B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\webmakerplus => ""="service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Elvita^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\Windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: iLivid => "C:\Users\Elvita\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: Open Download Manager => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/19/2014 07:34:20 AM) (Source: Google Update) (EventID: 20) (User: Elvita-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (05/19/2014 07:20:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/19/2014 07:20:00 AM) (Source: Google Update) (EventID: 20) (User: Elvita-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (05/19/2014 07:19:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
Stack:
   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   at System.ComponentModel.Composition.Primitives.Export.get_Value()
   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (05/19/2014 07:19:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
Stack:
   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   at System.ComponentModel.Composition.Primitives.Export.get_Value()
   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (05/19/2014 07:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgwdsvc.exe, version: 14.0.0.4204, time stamp: 0x5240cfb0
Faulting module name: avgwd.dll, version: 14.0.0.4259, time stamp: 0x528a807d
Exception code: 0xc0000005
Fault offset: 0x0008b465
Faulting process id: 0x4e8
Faulting application start time: 0xavgwdsvc.exe0
Faulting application path: avgwdsvc.exe1
Faulting module path: avgwdsvc.exe2
Report Id: avgwdsvc.exe3
 
Error: (05/19/2014 07:19:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
Stack:
   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   at System.ComponentModel.Composition.Primitives.Export.get_Value()
   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (05/18/2014 11:50:26 PM) (Source: Google Update) (EventID: 20) (User: Elvita-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (05/18/2014 10:44:34 PM) (Source: Google Update) (EventID: 20) (User: Elvita-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (05/18/2014 08:50:29 PM) (Source: Google Update) (EventID: 20) (User: Elvita-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
 
System errors:
=============
Error: (05/19/2014 07:19:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/19/2014 07:19:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/19/2014 07:19:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/19/2014 07:19:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/19/2014 07:19:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.0.5 service failed to start due to the following error: 
%%2
 
Error: (05/19/2014 07:19:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error: 
%%2
 
Error: (05/19/2014 07:19:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Real-Time Protection service failed to start due to the following error: 
%%1053
 
Error: (05/19/2014 07:19:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect.
 
Error: (05/19/2014 07:19:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (05/19/2014 07:18:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Scheduler service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (05/19/2014 07:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgwdsvc.exe14.0.0.42045240cfb0avgwd.dll14.0.0.4259528a807dc00000050008b4654e801cf7364efaaf962C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2014\avgwd.dll36a8a715-df58-11e3-9bd2-ec9a74f3304c
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 3947.86 MB
Available physical RAM: 2775.23 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 6358.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.47 GB) (Free:234.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: (ROD'S STICK) (Removable) (Total:1.89 GB) (Free:1.42 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • Staff

Hello gjcab09 and welcome to Malwarebytes. :)

We first need to deal with the multiple Anti Virus programs on this machine. While it may seem to be added protection, in fact the opposite is true as they will all conflict with one another. Additionally, they can cause system slowdowns and odd behavior.

Please choose and run only 1 of the AV's listed below and uninstall the others via Start>Control Panel>Programs and features>Uninstall a program.

AVG 2014 (If you choose to uninstall AVG, also uninstall the AVG SafeGuard toolbar)

Avira Free Antivirus

Microsoft Security Essentials

Reboot when done, then please download ComboFix.exe from here http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.

Next, disable your AntiVirus as it will interfere with the tool and any removals that may need to be done. If you are unsure how to disable those programs, see this link for instructions on disabling the various protective programs --> http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html

Double click on Combofix.exe and follow the prompts. During the course of the scan your desktop may disappear - this is normal, and it will return.

When finished, it shall produce a log for you. Please **attach** the C:\ComboFix.txt to your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion.." and no programs will run - please just reboot the machine and that will resolve that error.


Thank you for responding.

 

Re: your request to remove the AV programs...My attempt to remove AVG 2014 and AVG Safeguard Toolbar with the Uninstall a Program feature results in this message from AVG "An error occured while trying to uninstall AVG 2014. It may have already been uninstalled. Would you like to remove AVG 2014 from the Programs and Features list?" I left it alone for now while awaiting instruction from you.

 

While attempting to uninstall the Avira Free Antivirus I received the following error message: "Setup could not determine the feature control file or was not able to read it correctly [error code:7]"

 

I do not see anything running in Task Manager that is obviously related to either Program under applications or processes.

 

Microsoft Security Essentials appears to be the only AV actually running on this machine. Should I proceed with the download of ComboFix?


  • Staff

Hi gjcab09,

 

The problem is that I see Services and drivers still on the machine for both AVG and Avira.

 

You mentioned you performed some uninstalls. Were these 2 programs involved and, if so, were the uninstalls done before or after you ran FRST and posted this log? I'm trying to establish if this log is actually the current state of the machine.

 

 

 

 

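How leftover services from more than one antivirus product can be read out of the "System errors" part of an FRST log, as an added example that is not part of the original thread and is not FRST's own code. The function names and the `AV_PREFIXES` keyword map are assumptions made for the illustration; the sample entries are excerpted from the log posted above.

```python
import re

# Header line of an FRST event-log entry.
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
# Service Control Manager wordings seen in the log (events 7031/7034, 7000, 7009).
SERVICE_PATTERNS = (
    re.compile(r"The (?P<svc>.+?) service terminated unexpectedly"),
    re.compile(r"The (?P<svc>.+?) service failed to start"),
    re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
)
# Win32 error codes that appear as %%N in the log.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}
# Assumption: service display names start with the product name.
AV_PREFIXES = {"AVG": "avg", "Avira": "avira"}

# Entries excerpted from the "System errors" section of the log above.
SAMPLE = """\
Error: (05/19/2014 07:19:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 3 time(s).

Error: (05/19/2014 07:19:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/19/2014 07:19:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%2

Error: (05/19/2014 07:19:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Real-Time Protection service failed to start due to the following error:
%%1053

Error: (05/19/2014 07:19:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
"""


def parse_events(text):
    """Split FRST event-log text into entries; a blank line ends an entry."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = dict(match.groupdict(),
                           event_id=int(match["event_id"]), description="")
            events.append(current)
        elif not line:
            current = None
        elif current is not None:
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def service_failures(events):
    """Return service name, event ID and Win32 code for each SCM failure."""
    failures = []
    for event in events:
        if event["source"] != "Service Control Manager":
            continue
        for pattern in SERVICE_PATTERNS:
            match = pattern.search(event["description"])
            if match:
                code = re.search(r"%%(\d+)", event["description"])
                failures.append({"service": match["svc"],
                                 "event_id": event["event_id"],
                                 "win32": int(code[1]) if code else None})
                break
    return failures


def av_products_failing(failures):
    """Group failing services by antivirus product (keyword map is assumed)."""
    found = {}
    for failure in failures:
        for product, prefix in AV_PREFIXES.items():
            if failure["service"].lower().startswith(prefix):
                found.setdefault(product, set()).add(failure["service"])
    return {product: sorted(names) for product, names in found.items()}


def missing_binaries(failures):
    """Services whose start failed with Win32 error 2 (file not found)."""
    return sorted({f["service"] for f in failures if f["win32"] == 2})


if __name__ == "__main__":
    fails = service_failures(parse_events(SAMPLE))
    for product, names in av_products_failing(fails).items():
        print(f"{product}: {', '.join(names)}")
    for name in missing_binaries(fails):
        print(f"{name}: registered service, binary not found ({WIN32[2]})")
```

A service that fails to start with `%%2` is still registered with the Service Control Manager although its executable is gone, which is the pattern a partial uninstall leaves behind.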

I attempted to uninstall both Avira and AVG prior to contacting this forum. The message has always been the same for AVG (since the machine has been in my possession), I thought that I had a clean uninstall for AVIRA but then did a system restore to a point between running Malwarebytes and uninstalling the AV's when I discovered no internet access for the machine. The FRST log was the very last thing that I did once discovering this forum, so, to answer your question directly, yes, I attempted uninstalls on both programs before running the FRST log. I believe that there are bits and pieces of things on this machine, but have no idea the proper way to get at and remove them.

 

Thank you again, I know this is a pain. 


  • Staff

You're welcome.  :)

These leftovers can affect the machine, so let's get rid of those first.

Use the working machine to download and run AVG's uninstaller from here http://www.avg.com/us-en/utilities

You want the AVG Remover (64-bit) 2014. Make sure you reboot after it has finished.

Next, download AppRemover Free version from here to uninstall Avira http://www.appremover.com

Again, be sure to reboot when done. After you've run those, please run a new scan with FRST64.exe and post the contents of the FRST.txt.

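The leftover check the staff replies describe (AVG and Avira services and drivers still registered after an uninstall), as an added example that is not part of the original thread: it parses the Services and Drivers sections of an FRST log and lists the entries that belong to the named vendors. The sample lines are a subset copied from the FRST log posted in this thread; the vendor keywords, the function names, and the reading of the state letter (R as running) and of a trailing [X] (file not found on disk) are assumptions of the example.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Subset of the Services and Drivers sections of the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-23] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

# Hypothetical keyword table: vendor label -> lowercase prefix to look for.
VENDORS: Dict[str, str] = {"AVG": "avg", "Avira": "avira"}

# "==== Title ====" section banner.
HEADER = re.compile(r"^=+ (?P<title>.+?) =+$")

# "<state><start> <name>; <path> [size date] (company) [X]"; the last three parts are optional.
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^()]*)\))?"
    r"(?P<missing> \[X\])?$"
)


class Leftover(NamedTuple):
    section: str        # "Services" or "Drivers"
    name: str           # service or driver name
    vendor: str         # key from VENDORS
    running: bool       # state letter was R (assumed to mean running)
    file_missing: bool  # entry ended in [X] (assumed: file not found)


def vendor_of(company: Optional[str], path: str,
              vendors: Dict[str, str]) -> Optional[str]:
    """Attribute an entry to a vendor.

    The company field is trusted first. Matching on the entry name alone
    would mislabel Avira's avgntflt driver as AVG, so names are never used.
    Only when no company is present (for example a missing file) are the
    directory components of the path checked.
    """
    if company:
        text = company.lower()
        for vendor, key in vendors.items():
            if text.startswith(key):
                return vendor
        return None
    directories = path.lower().split("\\")[:-1]  # drop the file name
    for vendor, key in vendors.items():
        if any(d.startswith(key) for d in directories):
            return vendor
    return None


def find_leftovers(log_text: str,
                   vendors: Dict[str, str] = VENDORS) -> List[Leftover]:
    """Return Services/Drivers entries that belong to one of the vendors."""
    section = None
    found: List[Leftover] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # "Services (Whitelisted)" -> "Services"
            section = header.group("title").split(" (")[0]
            continue
        if section not in ("Services", "Drivers"):
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        vendor = vendor_of(entry["company"], entry["path"], vendors)
        if vendor:
            found.append(Leftover(section, entry["name"], vendor,
                                  entry["state"] == "R",
                                  entry["missing"] is not None))
    return found


if __name__ == "__main__":
    for item in find_leftovers(SAMPLE_LOG):
        flags = []
        if item.running:
            flags.append("running")
        if item.file_missing:
            flags.append("file missing")
        print(f"{item.section:8} {item.vendor:6} {item.name} {flags}")
```

The directory-prefix fallback is a heuristic, so an unrelated folder whose name merely begins with a vendor keyword would also be reported and should be reviewed by hand.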

OK, some interesting things happened...

 

On AVG uninstall the AVG appears to have been removed, but the AVG Safeguard Toolbar still shows up in the add/remove programs dialogue. It also created 2 txt files which I have attached to this post.

 

On installation of AppRemover, it was unable to discover AVIRA and reported Windows Security Essentials as the only anti-virus to uninstall (or something to that effect).

 

The re-run of FRST is here also. I apparently now have internet access with his machine:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Elvita (administrator) on ELVITA-HP on 22-05-2014 10:12:43
Running from C:\Users\Elvita\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 69.145.232.30 69.144.49.28 69.146.17.5
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll No File
FF Plugin-x32: @ei.Retrogamer_4w.com/Plugin - C:\Program Files (x86)\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: TorchVLC - C:\Users\Elvita\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elvita\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: No Name - C:\Users\Elvita\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-11-24]
FF Extension: HDvid Codec 3 - C:\Users\Elvita\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc3@hdvidcodec.com.xpi [2013-06-30]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo [2013-11-19]
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimjncgpflkpkhbnnblhblobjjjhjhd [2014-02-05]
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [2013-10-26]
 
==================== Services (Whitelisted) =================
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-23] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-22 10:12 - 2014-05-22 10:12 - 00016279 _____ () C:\Users\Elvita\Desktop\FRST.txt
2014-05-22 10:11 - 2014-05-22 10:12 - 00000000 ____D () C:\Users\Elvita\Desktop\AVGstuff
2014-05-22 10:10 - 2014-05-22 10:11 - 00000000 ____D () C:\Users\Elvita\Desktop\FRSTstuff
2014-05-22 10:04 - 2014-05-22 10:04 - 11519096 _____ (OPSWAT, Inc.) C:\Users\Elvita\Desktop\AppRemover.exe
2014-05-22 09:51 - 2014-05-22 09:51 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Elvita\Desktop\avg_remover_stf_x64_2014_4116.exe
2014-05-22 07:51 - 2014-05-05 22:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-22 07:51 - 2014-05-05 21:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-22 07:51 - 2014-05-05 20:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-22 07:50 - 2014-05-05 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-22 07:50 - 2014-05-05 21:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-22 07:50 - 2014-05-05 21:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-22 07:29 - 2014-05-22 07:29 - 00024389 _____ () C:\ComboFix.txt
2014-05-22 07:03 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-22 07:03 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-22 07:03 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-22 07:03 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-22 07:03 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-22 07:03 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-22 07:03 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-22 07:03 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-22 07:02 - 2014-05-22 07:29 - 00000000 ____D () C:\Qoobox
2014-05-22 07:02 - 2014-05-22 07:27 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 06:46 - 2014-05-22 06:44 - 05200426 ____R (Swearware) C:\Users\Elvita\Desktop\ComboFix.exe
2014-05-22 06:25 - 2014-02-28 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-22 06:17 - 2014-05-22 06:17 - 00001076 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-19 07:39 - 2014-05-22 10:12 - 00000000 ____D () C:\FRST
2014-05-19 07:35 - 2014-05-18 22:09 - 02067456 _____ (Farbar) C:\Users\Elvita\Desktop\FRST64.exe
2014-05-18 19:13 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-05-18 19:13 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-05-18 19:13 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-05-18 19:13 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-05-18 19:03 - 2014-05-22 07:45 - 00774052 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-18 18:55 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-18 18:47 - 2014-05-18 18:47 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 18:44 - 2014-05-18 18:56 - 00007945 _____ () C:\Windows\IE11_main.log
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-18 16:46 - 2014-02-06 19:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-18 15:55 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-18 15:55 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-18 15:55 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-18 15:55 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-18 15:55 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-18 15:55 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-05-18 15:55 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-05-18 15:55 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-05-18 15:55 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-05-18 15:55 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-05-18 15:55 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-05-18 15:55 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-05-18 15:55 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-05-18 15:54 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-18 15:54 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-05-18 15:54 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-05-18 15:54 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-05-18 15:54 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-05-18 15:54 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-05-18 15:54 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-18 15:54 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-05-18 15:51 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-05-18 15:51 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-18 15:51 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-05-18 15:51 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-05-18 15:51 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-05-18 15:51 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-05-18 15:51 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-18 15:51 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-18 15:50 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-18 15:50 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-18 15:50 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-18 15:50 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-18 15:50 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-18 15:50 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-18 15:50 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-18 15:50 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-18 15:50 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-18 15:49 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-18 15:49 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-18 15:49 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-18 15:49 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-18 15:49 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-18 15:49 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-18 15:49 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-18 15:49 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-18 15:49 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-18 15:49 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-18 15:49 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-18 15:49 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-18 15:49 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-18 15:49 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-18 15:49 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-18 15:49 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-18 15:49 - 2014-02-03 20:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-18 15:49 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-18 15:49 - 2014-02-03 20:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-05-18 15:49 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-18 15:49 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-18 15:49 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-18 15:49 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-18 15:49 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-18 15:49 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-18 15:49 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-18 15:42 - 2014-02-03 20:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-05-18 15:42 - 2014-02-03 20:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-05-18 15:42 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-18 15:42 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-18 15:42 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-05-18 15:42 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-05-18 15:42 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-18 15:42 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-18 15:42 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-05-18 15:42 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\inetpub
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieUserList
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieSiteList
2014-05-17 21:29 - 2014-05-17 21:29 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\InstallShield
2014-05-17 21:22 - 2014-05-18 17:55 - 00000000 ____D () C:\Windows\pss
2014-05-17 20:39 - 2014-05-18 19:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 18:05 - 2014-05-18 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 18:05 - 2014-05-17 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:05 - 2014-05-17 18:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 18:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 18:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 18:05 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 18:03 - 2014-05-17 18:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elvita\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 17:49 - 2014-05-17 17:49 - 00000000 ____D () C:\Users\Elvita\AppData\Local\BrowserSafeguard
 
==================== One Month Modified Files and Folders =======
 
2014-05-22 10:13 - 2014-05-22 10:12 - 00016279 _____ () C:\Users\Elvita\Desktop\FRST.txt
2014-05-22 10:12 - 2014-05-22 10:11 - 00000000 ____D () C:\Users\Elvita\Desktop\AVGstuff
2014-05-22 10:12 - 2014-05-19 07:39 - 00000000 ____D () C:\FRST
2014-05-22 10:11 - 2014-05-22 10:10 - 00000000 ____D () C:\Users\Elvita\Desktop\FRSTstuff
2014-05-22 10:07 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 10:07 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 10:05 - 2012-01-27 12:45 - 01364878 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 10:04 - 2014-05-22 10:04 - 11519096 _____ (OPSWAT, Inc.) C:\Users\Elvita\Desktop\AppRemover.exe
2014-05-22 09:59 - 2014-01-01 05:17 - 00004156 _____ () C:\Windows\setupact.log
2014-05-22 09:59 - 2013-10-26 12:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 09:59 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 09:54 - 2010-11-20 21:47 - 01728046 _____ () C:\Windows\PFRO.log
2014-05-22 09:51 - 2014-05-22 09:51 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Elvita\Desktop\avg_remover_stf_x64_2014_4116.exe
2014-05-22 09:50 - 2013-09-01 14:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 07:50 - 2013-09-01 14:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 07:50 - 2013-09-01 14:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 07:50 - 2011-07-12 21:24 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 07:45 - 2014-05-18 19:03 - 00774052 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-22 07:45 - 2009-07-13 23:13 - 00774052 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 07:39 - 2013-10-26 12:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 07:29 - 2014-05-22 07:29 - 00024389 _____ () C:\ComboFix.txt
2014-05-22 07:29 - 2014-05-22 07:02 - 00000000 ____D () C:\Qoobox
2014-05-22 07:27 - 2014-05-22 07:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 07:22 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-22 06:44 - 2014-05-22 06:46 - 05200426 ____R (Swearware) C:\Users\Elvita\Desktop\ComboFix.exe
2014-05-22 06:22 - 2013-08-31 18:02 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA0E8969-9015-46E9-8B94-C60B6C5B2B90}
2014-05-22 06:17 - 2014-05-22 06:17 - 00001076 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-22 06:17 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-22 06:17 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Avira
2014-05-22 06:17 - 2014-03-23 14:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-19 08:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 23:50 - 2013-09-11 17:45 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job
2014-05-18 22:09 - 2014-05-19 07:35 - 02067456 _____ (Farbar) C:\Users\Elvita\Desktop\FRST64.exe
2014-05-18 19:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-18 19:28 - 2013-08-31 18:02 - 00001417 _____ () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 19:28 - 2013-08-31 18:02 - 00000000 ___RD () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 19:28 - 2013-08-31 18:02 - 00000000 ___RD () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 19:28 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-18 19:24 - 2013-09-03 20:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-18 19:24 - 2013-09-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-18 19:24 - 2009-07-13 22:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-18 19:21 - 2014-05-17 20:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-18 19:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-18 18:56 - 2014-05-18 18:44 - 00007945 _____ () C:\Windows\IE11_main.log
2014-05-18 18:47 - 2014-05-18 18:47 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-18 18:37 - 2013-10-15 21:06 - 00000000 ____D () C:\ProgramData\Skype
2014-05-18 18:26 - 2013-09-01 13:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-18 18:26 - 2013-09-01 13:56 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-18 18:26 - 2013-09-01 13:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-18 18:26 - 2013-09-01 13:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-18 18:15 - 2013-08-31 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-18 18:09 - 2013-08-31 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-18 18:04 - 2013-09-03 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-18 17:55 - 2014-05-17 21:22 - 00000000 ____D () C:\Windows\pss
2014-05-18 17:50 - 2013-09-11 17:45 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job
2014-05-18 17:50 - 2013-09-02 17:18 - 00000000 ____D () C:\Users\Elvita\AppData\Local\CrashDumps
2014-05-18 17:48 - 2013-08-31 18:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForElvita.job
2014-05-18 17:28 - 2013-08-31 18:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForElvita
2014-05-18 17:28 - 2013-08-31 17:58 - 00000000 ____D () C:\Users\Elvita
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-18 15:23 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 15:23 - 2013-12-11 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-18 15:23 - 2013-11-24 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-05-18 15:23 - 2013-11-24 15:08 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-05-18 15:23 - 2013-11-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Internet Explorer 10
2014-05-18 15:23 - 2013-11-12 21:07 - 00000000 ____D () C:\Program Files (x86)\Download Internet Explorer 10
2014-05-18 15:23 - 2013-10-26 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 15:23 - 2013-10-26 12:24 - 00000000 ____D () C:\Users\Elvita\AppData\Local\Google
2014-05-18 15:23 - 2013-10-26 12:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 15:23 - 2012-01-27 12:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-18 15:23 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-05-18 15:23 - 2011-07-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Roxio
2014-05-18 15:23 - 2011-07-12 21:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-18 15:23 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 15:23 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-18 15:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-18 15:22 - 2012-01-27 13:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-05-18 15:09 - 2012-01-27 12:45 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-18 15:09 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-18 15:09 - 2011-07-12 21:24 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\inetpub
2014-05-18 13:15 - 2014-03-23 14:39 - 00000000 ____D () C:\Users\Elvita\Documents\Optimizer Pro
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieUserList
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieSiteList
2014-05-17 21:29 - 2014-05-17 21:29 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\InstallShield
2014-05-17 20:56 - 2013-11-24 15:08 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\Open Download Manager
2014-05-17 18:45 - 2014-03-23 14:32 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-17 18:44 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Users\Elvita\AppData\Local\Conduit
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Program Files\Conduit
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-05-17 18:38 - 2013-11-24 15:12 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\52926c31e56da1a935000c10
2014-05-17 18:38 - 2013-11-06 02:58 - 00000000 ____D () C:\ProgramData\Wincert
2014-05-17 18:38 - 2013-11-06 02:57 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-05-17 18:34 - 2013-11-06 18:25 - 00000000 ____D () C:\ProgramData\Big Fish
2014-05-17 18:34 - 2013-11-06 18:07 - 00000000 ____D () C:\BigFishCache
2014-05-17 18:10 - 2014-05-17 18:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:05 - 2014-05-17 18:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 18:03 - 2014-05-17 18:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elvita\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 17:49 - 2014-05-17 17:49 - 00000000 ____D () C:\Users\Elvita\AppData\Local\BrowserSafeguard
2014-05-15 01:19 - 2013-09-15 15:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-15 01:19 - 2013-09-01 13:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-09 00:14 - 2014-05-18 15:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-18 15:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 22:40 - 2014-05-22 07:51 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 22:17 - 2014-05-22 07:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 21:25 - 2014-05-22 07:50 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 21:07 - 2014-05-22 07:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 21:00 - 2014-05-22 07:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 20:10 - 2014-05-22 07:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2013-08-31 19:05 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-01 00:15 - 2013-08-31 18:13 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForELVITA-HP$
2014-05-01 00:15 - 2013-08-31 18:13 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForELVITA-HP$.job
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-18 15:50] - [2014-03-04 03:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 08:08
 
==================== End Of Log ============================

avgremover.log

avgremover_msilog.txt


Yes, I did run Combofix, prior to the latest AVG uninstall attempt, then got sidetracked and forgot about it. Here is that log...interestingly, I cannot seem to copy and paste it into this reply from the machine that we're working on, although it will access this forum:

 

ComboFix 14-05-19.01 - Elvita 05/22/2014   7:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2691 [GMT -6:00]
Running from: c:\users\Elvita\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Elvita\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE8BA825-DFFD-4EBC-A91C-0DC971F17955}.xps
c:\users\Elvita\AppData\Local\Microsoft\Windows\Temporary Internet Files\qualitink_iels
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-22 to 2014-05-22  )))))))))))))))))))))))))))))))
.
.
2014-05-22 12:29 . 2014-05-18 21:51 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EB78407-4E22-45E0-AFCA-176D5224EA15}\gapaengine.dll
2014-05-22 12:29 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F498E646-44C1-485B-89E7-C16BA8566127}\mpengine.dll
2014-05-19 13:39 . 2014-05-19 13:43 -------- d-----w- C:\FRST
2014-05-19 01:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-19 01:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-19 01:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-19 01:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-19 01:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-19 01:00 . 2014-05-19 01:00 -------- d-----w- c:\windows\Migration
2014-05-19 00:55 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-19 00:37 . 2014-05-19 00:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-19 00:37 . 2014-05-19 00:37 -------- d-----r- c:\program files (x86)\Skype
2014-05-18 22:46 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-05-18 21:55 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-05-18 21:55 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-05-18 21:55 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-18 21:55 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-18 21:55 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-18 21:55 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-18 21:55 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-18 21:55 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-18 21:55 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-05-18 21:55 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-05-18 21:54 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-05-18 21:54 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-05-18 21:54 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-05-18 21:54 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-05-18 21:54 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-05-18 21:54 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-05-18 21:54 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-05-18 21:54 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-05-18 21:50 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-18 21:49 . 2014-04-12 02:22 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-18 21:42 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-05-18 21:42 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-05-18 21:42 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-05-18 21:42 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-05-18 21:42 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-05-18 21:42 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-05-18 21:42 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-05-18 21:42 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-05-18 21:42 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-18 21:42 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- c:\windows\system32\BestPractices
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- C:\inetpub
2014-05-18 06:21 . 2014-05-18 22:48 -------- d-----w- c:\users\Elvita\AppData\Local\ElevatedDiagnostics
2014-05-18 04:07 . 2014-05-18 04:07 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2014-05-18 03:36 . 2014-05-18 03:36 -------- d-sh--w- c:\users\Elvita\AppData\Local\EmieUserList
2014-05-18 03:36 . 2014-05-18 03:36 -------- d-sh--w- c:\users\Elvita\AppData\Local\EmieSiteList
2014-05-18 03:29 . 2014-05-18 03:29 -------- d-----w- c:\users\Elvita\AppData\Roaming\InstallShield
2014-05-18 02:39 . 2014-05-19 01:21 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-18 00:05 . 2014-05-18 00:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 00:05 . 2014-05-18 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-18 00:05 . 2014-05-18 00:05 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 00:05 . 2014-04-03 15:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-18 00:05 . 2014-04-03 15:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 00:05 . 2014-04-03 15:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-17 23:49 . 2014-05-17 23:49 -------- d-----w- c:\users\Elvita\AppData\Local\BrowserSafeguard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 21:51 . 2013-09-06 02:36 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-04 23:12 . 2013-09-01 01:05 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-03-24 09:18 . 2014-03-24 09:19 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-03-23 15:09 . 2013-12-20 02:31 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-21 13:50 . 2013-09-01 20:50 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-21 13:50 . 2011-07-13 03:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 15:52 . 2013-06-19 03:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-05-18 21:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-25 17:41 . 2014-03-23 21:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-25 17:41 . 2014-03-23 21:01 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-25 17:41 . 2014-03-23 21:01 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\DRIVERS\ghsdiagMDM.sys;c:\windows\SYSNATIVE\DRIVERS\ghsdiagMDM.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-14 14:40 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 13:50]
.
2014-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job
- c:\users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11 23:45]
.
2014-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job
- c:\users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11 23:45]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 18:24]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 18:24]
.
2014-05-01 c:\windows\Tasks\HPCeeScheduleForELVITA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2014-05-18 c:\windows\Tasks\HPCeeScheduleForElvita.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: Download all with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 69.145.232.30 69.144.49.28 69.146.17.5
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-22  07:29:37 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-22 13:29
.
Pre-Run: 251,047,784,448 bytes free
Post-Run: 251,653,197,824 bytes free
.
- - End Of File - - 33B4F26698C4F1DB814071C2293CF1A3

  • Staff

Thanks. :-)

First we'll get rid of the remnant AV services and drivers and the one malware Service and driver. After this there will be a bit more to do to rid the machine of the unwanted search hooks.

Download the attached CFScript.txt and save it in the same location as ComboFix.exe

Next, disable your AntiVirus as it may interfere with the tool and the removals that need to be done. If you are unsure how to disable those programs, see this link for instructions on disabling the various protective programs --> http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html

To execute the CFScript, you're going to drag and drop it into ComboFix.exe. If you're not familiar with how to drag and drop, left-click the cfscript.txt and, continuing to hold down that left-click button on the mouse, drag the cfscript.txt onto ComboFix.exe and let go. Refer to this image if further clarification is needed ==> http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

When finished, it shall produce a log for you. Please attach the C:\ComboFix.txt in your next reply so I can verify the script executed as planned.

CFScript.txt


That was cool! Here's the .txt file:

ComboFix 14-05-19.01 - Elvita 05/22/2014   7:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2691 [GMT -6:00]
Running from: c:\users\Elvita\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Elvita\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE8BA825-DFFD-4EBC-A91C-0DC971F17955}.xps
c:\users\Elvita\AppData\Local\Microsoft\Windows\Temporary Internet Files\qualitink_iels
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-22 to 2014-05-22  )))))))))))))))))))))))))))))))
.
.
2014-05-22 12:29 . 2014-05-18 21:51 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EB78407-4E22-45E0-AFCA-176D5224EA15}\gapaengine.dll
2014-05-22 12:29 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F498E646-44C1-485B-89E7-C16BA8566127}\mpengine.dll
2014-05-19 13:39 . 2014-05-19 13:43 -------- d-----w- C:\FRST
2014-05-19 01:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-19 01:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-19 01:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-19 01:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-19 01:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-19 01:00 . 2014-05-19 01:00 -------- d-----w- c:\windows\Migration
2014-05-19 00:55 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-19 00:37 . 2014-05-19 00:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-19 00:37 . 2014-05-19 00:37 -------- d-----r- c:\program files (x86)\Skype
2014-05-18 22:46 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-05-18 21:55 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-05-18 21:55 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-05-18 21:55 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-18 21:55 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-18 21:55 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-18 21:55 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-18 21:55 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-18 21:55 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-18 21:55 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-05-18 21:55 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-05-18 21:54 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-05-18 21:54 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-05-18 21:54 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-05-18 21:54 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-05-18 21:54 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-05-18 21:54 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-05-18 21:54 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-05-18 21:54 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-05-18 21:50 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-18 21:49 . 2014-04-12 02:22 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-18 21:42 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-05-18 21:42 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-05-18 21:42 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-05-18 21:42 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-05-18 21:42 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-05-18 21:42 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-05-18 21:42 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-05-18 21:42 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-05-18 21:42 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-18 21:42 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- c:\windows\system32\BestPractices
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- C:\inetpub
2014-05-18 06:21 . 2014-05-18 22:48 -------- d-----w- c:\users\Elvita\AppData\Local\ElevatedDiagnostics
2014-05-18 04:07 . 2014-05-18 04:07 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2014-05-18 03:36 . 2014-05-18 03:36 -------- d-sh--w- c:\users\Elvita\AppData\Local\EmieUserList
2014-05-18 03:36 . 2014-05-18 03:36 -------- d-sh--w- c:\users\Elvita\AppData\Local\EmieSiteList
2014-05-18 03:29 . 2014-05-18 03:29 -------- d-----w- c:\users\Elvita\AppData\Roaming\InstallShield
2014-05-18 02:39 . 2014-05-19 01:21 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-18 00:05 . 2014-05-18 00:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 00:05 . 2014-05-18 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-18 00:05 . 2014-05-18 00:05 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 00:05 . 2014-04-03 15:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-18 00:05 . 2014-04-03 15:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 00:05 . 2014-04-03 15:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-17 23:49 . 2014-05-17 23:49 -------- d-----w- c:\users\Elvita\AppData\Local\BrowserSafeguard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-18 21:51 . 2013-09-06 02:36 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-04 23:12 . 2013-09-01 01:05 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-03-24 09:18 . 2014-03-24 09:19 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-03-23 15:09 . 2013-12-20 02:31 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-21 13:50 . 2013-09-01 20:50 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-21 13:50 . 2011-07-13 03:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 15:52 . 2013-06-19 03:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-05-18 21:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-25 17:41 . 2014-03-23 21:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-25 17:41 . 2014-03-23 21:01 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-25 17:41 . 2014-03-23 21:01 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\DRIVERS\ghsdiagMDM.sys;c:\windows\SYSNATIVE\DRIVERS\ghsdiagMDM.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-14 14:40 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 13:50]
.
2014-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job
- c:\users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11 23:45]
.
2014-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job
- c:\users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11 23:45]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 18:24]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 18:24]
.
2014-05-01 c:\windows\Tasks\HPCeeScheduleForELVITA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2014-05-18 c:\windows\Tasks\HPCeeScheduleForElvita.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: Download all with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 69.145.232.30 69.144.49.28 69.146.17.5
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-22  07:29:37 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-22 13:29
.
Pre-Run: 251,047,784,448 bytes free
Post-Run: 251,653,197,824 bytes free
.
- - End Of File - - 33B4F26698C4F1DB814071C2293CF1A3

Duh...must be time to go to bed...

ComboFix 14-05-19.01 - Elvita 05/22/2014  15:17:52.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2468 [GMT -6:00]
Running from: c:\users\Elvita\Desktop\ComboFix.exe
Command switches used :: c:\users\Elvita\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\DRIVERS\avgntflt.sys"
"c:\windows\system32\drivers\avgtpx64.sys"
"c:\windows\System32\DRIVERS\avipbb.sys"
"c:\windows\System32\DRIVERS\avkmgr.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Avira
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_fr.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_it.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_jp.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_ko.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_nl.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_pt.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_ru.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_tr.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_zhcn.dll
c:\program files (x86)\Avira\AntiVir Desktop\rcnwload_zhtw.dll
c:\program files (x86)\Avira\AntiVir Desktop\rctext.dll
c:\program files (x86)\Avira\AntiVir Desktop\rdf.dll
c:\program files (x86)\Avira\AntiVir Desktop\repair.dll
c:\program files (x86)\Avira\AntiVir Desktop\restartrc.dll
c:\program files (x86)\Avira\AntiVir Desktop\scewxmlw.dll
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\schedr.dll
c:\program files (x86)\Avira\AntiVir Desktop\setup.dll
c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
c:\program files (x86)\Avira\AntiVir Desktop\setuppending.exe
c:\program files (x86)\Avira\AntiVir Desktop\shlext64.dll
c:\program files (x86)\Avira\AntiVir Desktop\sqlite3.dll
c:\program files (x86)\Avira\AntiVir Desktop\ssleay32.dll
c:\program files (x86)\Avira\AntiVir Desktop\systemutilities.dll
c:\program files (x86)\Avira\AntiVir Desktop\unacev2.dll
c:\program files (x86)\Avira\AntiVir Desktop\update.dll
c:\program files (x86)\Avira\AntiVir Desktop\update.exe
c:\program files (x86)\Avira\AntiVir Desktop\updaterc.dll
c:\program files (x86)\Avira\AntiVir Desktop\updext.dll
c:\program files (x86)\Avira\AntiVir Desktop\updgui.dll
c:\program files (x86)\Avira\AntiVir Desktop\updguirc.dll
c:\program files (x86)\Avira\AntiVir Desktop\updrgui.exe
c:\program files (x86)\Avira\AntiVir Desktop\win32apiwrapper.dll
c:\program files (x86)\Avira\AntiVir Desktop\wksstats.dll
c:\program files (x86)\Avira\AntiVir Desktop\wsctool.exe
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Legacy_AVKMGR
-------\Service_70e6ca8c
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_avgtp
-------\Service_avkmgr
-------\Service_vToolbarUpdater18.0.5
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-22 to 2014-05-22  )))))))))))))))))))))))))))))))
.
.
2014-05-22 21:29 . 2014-05-22 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-22 17:52 . 2014-03-06 08:15 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-22 13:51 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-22 13:51 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-22 13:50 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-22 13:50 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-22 13:40 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4810F58-5E22-41C6-B71D-A62C5CCA8B99}\mpengine.dll
2014-05-22 12:29 . 2014-05-18 21:51 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EB78407-4E22-45E0-AFCA-176D5224EA15}\gapaengine.dll
2014-05-19 13:39 . 2014-05-22 16:14 -------- d-----w- C:\FRST
2014-05-19 01:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-19 01:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-19 01:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-19 01:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-19 01:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-19 01:00 . 2014-05-19 01:00 -------- d-----w- c:\windows\Migration
2014-05-19 00:55 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-19 00:37 . 2014-05-19 00:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-19 00:37 . 2014-05-19 00:37 -------- d-----r- c:\program files (x86)\Skype
2014-05-18 22:46 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-05-18 21:55 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-05-18 21:55 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-05-18 21:55 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-18 21:55 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-18 21:55 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-18 21:55 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-18 21:55 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-18 21:55 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-18 21:55 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-05-18 21:55 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-05-18 21:54 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-05-18 21:54 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-05-18 21:54 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-05-18 21:54 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-05-18 21:54 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-05-18 21:54 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-05-18 21:54 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-05-18 21:54 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-05-18 21:50 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-18 21:49 . 2014-04-12 02:22 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-18 21:42 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-05-18 21:42 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-05-18 21:42 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-05-18 21:42 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-05-18 21:42 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-05-18 21:42 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-05-18 21:42 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-05-18 21:42 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-05-18 21:42 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-18 21:42 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- c:\windows\system32\BestPractices
2014-05-18 19:48 . 2014-05-18 19:48 -------- d-----w- C:\inetpub
2014-05-18 06:21 . 2014-05-18 22:48 -------- d-----w- c:\users\Elvita\AppData\Local\ElevatedDiagnostics
2014-05-18 04:07 . 2014-05-18 04:07 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2014-05-18 03:36 . 2014-05-18 03:36 -------- d-sh--w- c:\users\Elvita\AppData\Local\EmieUserList
2014-05-18 03:36 . 2014-05-18 03:36 -------- d-sh--w- c:\users\Elvita\AppData\Local\EmieSiteList
2014-05-18 03:29 . 2014-05-18 03:29 -------- d-----w- c:\users\Elvita\AppData\Roaming\InstallShield
2014-05-18 02:39 . 2014-05-19 01:21 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-18 00:05 . 2014-05-18 00:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 00:05 . 2014-05-18 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-18 00:05 . 2014-05-18 00:05 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 00:05 . 2014-04-03 15:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-18 00:05 . 2014-04-03 15:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 00:05 . 2014-04-03 15:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-17 23:49 . 2014-05-17 23:49 -------- d-----w- c:\users\Elvita\AppData\Local\BrowserSafeguard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 13:50 . 2013-09-01 20:50 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-22 13:50 . 2011-07-13 03:24 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-18 21:51 . 2013-09-06 02:36 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-04 23:12 . 2013-09-01 01:05 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-03-24 09:18 . 2014-03-24 09:19 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-03-23 15:09 . 2013-12-20 02:31 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-11 15:52 . 2013-06-19 03:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-05-18 21:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-25 17:41 . 2014-03-23 21:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-25 17:41 . 2014-03-23 21:01 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-25 17:41 . 2014-03-23 21:01 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\DRIVERS\ghsdiagMDM.sys;c:\windows\SYSNATIVE\DRIVERS\ghsdiagMDM.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 18:45 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 13:50]
.
2014-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job
- c:\users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11 23:45]
.
2014-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job
- c:\users\Elvita\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-11 23:45]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 18:24]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 18:24]
.
2014-05-01 c:\windows\Tasks\HPCeeScheduleForELVITA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2014-05-22 c:\windows\Tasks\HPCeeScheduleForElvita.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: Download all with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - file://c:\program files (x86)\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 69.145.232.30 69.144.49.28 69.146.17.5
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-Avira AntiVir Desktop - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-22  15:38:16 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-22 21:38
ComboFix2.txt  2014-05-22 13:29
.
Pre-Run: 249,420,619,776 bytes free
Post-Run: 248,946,503,680 bytes free
.
- - End Of File - - D3454EDECD7B36CE940B8F45F973F66A

  • Staff

You and she are quite welcome. :)

 

Moving along, and we're almost done here, please download AdwCleaner from this link http://www.bleepingcomputer.com/download/adwcleaner/dl/125/ and save it to your desktop.

Double click on AdwCleaner.exe to run the tool.

Click on Scan.

When it has finished, click the Report button and a log will automatically open. Please attach that log in your reply.

You can also find the log file at C:\AdwCleaner\AdwCleaner[Rn].txt ('n' is the scan order number).


I downloaded the AdwCleaner which came bundled and now there's junk all over the computer again...optimizer pro is there and Internet Explorer is not behaving correctly...here's the log:

 

# AdwCleaner v3.210 - Report created 24/05/2014 at 02:04:26
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Elvita - ELVITA-HP
# Running from : C:\Users\Elvita\AppData\Local\Temp\Temp1_84a30e08725b063010cf5d68a19853fd_adwcleaner_3.210.zip\adwcleaner_3.210.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : 70e6ca8c
Service Found : CltMngSvc
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Found : C:\Users\Elvita\Desktop\HDVidCodec.lnk
File Found : C:\Users\Elvita\Desktop\Optimizer Pro.lnk
File Found : C:\Windows\System32\Tasks\hdvid codec v1-codedownloader
File Found : C:\Windows\System32\Tasks\LaunchApp
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Movies Toolbar
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Elvita\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Elvita\AppData\Local\BrowserSafeguard
Folder Found : C:\Users\Elvita\AppData\Local\Conduit
Folder Found : C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo
Folder Found : C:\Users\Elvita\AppData\Local\SearchProtect
Folder Found : C:\Users\Elvita\AppData\Local\torch
Folder Found : C:\Users\Elvita\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Elvita\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Elvita\AppData\LocalLow\ilividmoviestoolbarha
Folder Found : C:\Users\Elvita\AppData\LocalLow\searchresultstb
Folder Found : C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found : C:\Users\Elvita\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\Elvita\AppData\Roaming\ValueApps
Folder Found : C:\Users\Elvita\AppData\Roaming\xVidly
Folder Found : C:\Users\Elvita\Documents\Optimizer Pro
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle\Soft-Now bundle.lnk ( "C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942\uninstaller.exe" "/appName=Soft-Now bundle" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/" "/searchProviderApp=Soft-Now" "/searchProvider=a different" )
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.114
 
*************************
 
AdwCleaner[R0].txt - [11803 octets] - [24/05/2014 02:04:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11864 octets] ##########

  • Staff

AdwCleaner is a clean download. The installer would have shown up at the bottom of the screen asking you if you want to Run or Save. Did you click some other Download button on the page?

Before you clean with AdwCleaner, it's best if we first properly uninstall the new junk programs that got on your machine. Launch FRST64.exe and, when it opens, place a check in the box next to 'Addition.txt'.

Click Scan, then please send me both logs it creates:

FRST.txt

Addition.txt


I don't know, I was on my way to bed and noticed your reply. I should've left it for in the morning.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2014 1
Ran by Elvita (administrator) on ELVITA-HP on 24-05-2014 15:25:21
Running from C:\Users\Elvita\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1956058397-3388249811-2426527803-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135112 2014-05-22] (PC Utilities Software Limited)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-14] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2720144 2014-05-24] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-14] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~2.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3620296 2014-05-24] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 69.145.232.30 69.144.49.28 69.146.17.5
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll No File
FF Plugin-x32: @ei.Retrogamer_4w.com/Plugin - C:\Program Files (x86)\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: TorchVLC - C:\Users\Elvita\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Elvita\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo [2013-11-19]
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimjncgpflkpkhbnnblhblobjjjhjhd [2014-02-05]
CHR Extension: (No Name) - C:\Users\Elvita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files (x86)\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [2013-10-26]
 
==================== Services (Whitelisted) =================
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3620296 2014-05-24] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496832 2014-05-14] (Client Connect LTD)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 18:47 - 2014-05-18 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 18:44 - 2014-05-18 18:56 - 00007945 _____ () C:\Windows\IE11_main.log
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-18 16:46 - 2014-02-06 19:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-18 15:55 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-18 15:55 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-18 15:55 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-18 15:55 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-18 15:55 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-18 15:55 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-05-18 15:55 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-05-18 15:55 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-05-18 15:55 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-05-18 15:55 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-05-18 15:55 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-05-18 15:55 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-05-18 15:55 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-05-18 15:54 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-05-18 15:54 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-05-18 15:54 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-05-18 15:54 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-05-18 15:54 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-05-18 15:54 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-05-18 15:54 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-18 15:54 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-05-18 15:51 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-05-18 15:51 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-05-18 15:51 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-05-18 15:51 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-18 15:51 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-05-18 15:51 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-05-18 15:51 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-05-18 15:51 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-05-18 15:51 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-05-18 15:51 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-05-18 15:51 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-05-18 15:51 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-18 15:51 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-18 15:50 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-18 15:50 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-18 15:50 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-18 15:50 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-18 15:50 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-18 15:50 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-18 15:50 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-18 15:50 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-18 15:50 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-18 15:50 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-18 15:50 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-18 15:49 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-18 15:49 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-18 15:49 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-18 15:49 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-18 15:49 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-18 15:49 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-18 15:49 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-18 15:49 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-18 15:49 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-18 15:49 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-18 15:49 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-18 15:49 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-18 15:49 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-18 15:49 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-18 15:49 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-18 15:49 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-18 15:49 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-18 15:49 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-18 15:49 - 2014-02-03 20:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-18 15:49 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-18 15:49 - 2014-02-03 20:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-05-18 15:49 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-18 15:49 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-18 15:49 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-18 15:49 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-18 15:49 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-18 15:49 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-18 15:49 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-18 15:42 - 2014-02-03 20:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-05-18 15:42 - 2014-02-03 20:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-05-18 15:42 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-18 15:42 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-18 15:42 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-05-18 15:42 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-05-18 15:42 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-18 15:42 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-18 15:42 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-05-18 15:42 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\inetpub
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieUserList
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieSiteList
2014-05-17 21:29 - 2014-05-17 21:29 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\InstallShield
2014-05-17 21:22 - 2014-05-18 17:55 - 00000000 ____D () C:\Windows\pss
2014-05-17 20:39 - 2014-05-18 19:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 18:05 - 2014-05-18 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 18:05 - 2014-05-17 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:05 - 2014-05-17 18:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 18:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 18:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 18:05 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 18:03 - 2014-05-17 18:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elvita\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 17:49 - 2014-05-17 17:49 - 00000000 ____D () C:\Users\Elvita\AppData\Local\BrowserSafeguard
 
==================== One Month Modified Files and Folders =======
 
2014-05-24 15:25 - 2014-05-24 15:25 - 00000000 ____D () C:\Users\Elvita\Desktop\FRST-OlderVersion
2014-05-24 15:25 - 2014-05-22 10:12 - 00016747 _____ () C:\Users\Elvita\Desktop\FRST.txt
2014-05-24 15:25 - 2014-05-19 07:39 - 00000000 ____D () C:\FRST
2014-05-24 15:25 - 2014-05-19 07:35 - 02066432 _____ (Farbar) C:\Users\Elvita\Desktop\FRST64.exe
2014-05-24 15:24 - 2013-10-26 12:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 15:23 - 2014-01-01 05:17 - 00004492 _____ () C:\Windows\setupact.log
2014-05-24 15:23 - 2013-08-31 18:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForElvita.job
2014-05-24 15:23 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-24 13:39 - 2012-01-27 12:45 - 01451586 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 13:29 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 13:29 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 13:26 - 2013-08-31 18:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForElvita
2014-05-24 13:21 - 2010-11-20 21:47 - 01729168 _____ () C:\Windows\PFRO.log
2014-05-24 02:19 - 2014-05-24 02:15 - 00000000 ____D () C:\Users\Elvita\Documents\Adwcleaner
2014-05-24 02:15 - 2014-05-24 02:15 - 00000000 ____D () C:\Users\Elvita\Documents\New folder
2014-05-24 02:04 - 2014-05-24 02:04 - 00000000 ____D () C:\AdwCleaner
2014-05-24 02:02 - 2014-05-24 02:02 - 00001066 _____ () C:\Users\Elvita\Desktop\Optimizer Pro.lnk
2014-05-24 02:02 - 2014-05-24 02:02 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\Optimizer Pro
2014-05-24 02:02 - 2014-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-24 02:02 - 2014-05-24 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-24 02:02 - 2014-05-24 02:02 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-24 02:02 - 2014-03-23 14:39 - 00000000 ____D () C:\Users\Elvita\Documents\Optimizer Pro
2014-05-24 02:01 - 2014-05-24 02:01 - 00000000 ____D () C:\Users\Elvita\Desktop\AdwCleaner_TSV49ECGG
2014-05-24 02:01 - 2014-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-24 02:00 - 2014-05-24 02:00 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942
2014-05-24 01:59 - 2014-05-24 01:59 - 00644320 _____ (© 2014 ClientConnect Ltd.) C:\Users\Elvita\Desktop\AdwCleaner_TSV49ECGG.exe
2014-05-24 01:57 - 2013-08-31 18:02 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA0E8969-9015-46E9-8B94-C60B6C5B2B90}
2014-05-24 01:50 - 2013-09-01 14:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 15:44 - 2013-10-26 12:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 15:38 - 2014-05-22 15:38 - 00035837 _____ () C:\ComboFix.txt
2014-05-22 15:38 - 2014-05-22 07:02 - 00000000 ____D () C:\Qoobox
2014-05-22 15:31 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-22 15:30 - 2014-05-22 07:02 - 00000000 ____D () C:\Windows\erdnt
2014-05-22 15:30 - 2009-07-13 20:34 - 72613888 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-22 15:30 - 2009-07-13 20:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-22 15:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-22 15:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-22 15:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-22 14:50 - 2013-09-11 17:45 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000UA.job
2014-05-22 12:39 - 2013-10-26 12:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-22 12:39 - 2013-10-26 12:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-22 10:12 - 2014-05-22 10:11 - 00000000 ____D () C:\Users\Elvita\Desktop\AVGstuff
2014-05-22 10:11 - 2014-05-22 10:10 - 00000000 ____D () C:\Users\Elvita\Desktop\FRSTstuff
2014-05-22 10:04 - 2014-05-22 10:04 - 11519096 _____ (OPSWAT, Inc.) C:\Users\Elvita\Desktop\AppRemover.exe
2014-05-22 09:51 - 2014-05-22 09:51 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Elvita\Desktop\avg_remover_stf_x64_2014_4116.exe
2014-05-22 07:50 - 2013-09-01 14:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 07:50 - 2013-09-01 14:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 07:50 - 2011-07-12 21:24 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 07:45 - 2014-05-18 19:03 - 00774052 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-22 07:45 - 2009-07-13 23:13 - 00774052 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 06:44 - 2014-05-22 06:46 - 05200426 ____R (Swearware) C:\Users\Elvita\Desktop\ComboFix.exe
2014-05-22 06:17 - 2014-05-22 06:17 - 00001076 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-22 06:17 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-22 06:17 - 2014-03-23 14:52 - 00000000 ____D () C:\ProgramData\Avira
2014-05-19 08:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 19:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-18 19:28 - 2013-08-31 18:02 - 00001417 _____ () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 19:28 - 2013-08-31 18:02 - 00000000 ___RD () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 19:28 - 2013-08-31 18:02 - 00000000 ___RD () C:\Users\Elvita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 19:28 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-18 19:24 - 2013-09-03 20:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-18 19:24 - 2013-09-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-18 19:24 - 2009-07-13 22:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-18 19:21 - 2014-05-17 20:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-18 19:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-18 18:56 - 2014-05-18 18:44 - 00007945 _____ () C:\Windows\IE11_main.log
2014-05-18 18:47 - 2014-05-18 18:47 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-18 18:47 - 2014-05-18 18:47 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-18 18:47 - 2014-05-18 18:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-18 18:47 - 2014-05-18 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-18 18:47 - 2014-05-18 18:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-18 18:47 - 2014-05-18 18:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-18 18:47 - 2014-05-18 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-18 18:37 - 2014-05-18 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-18 18:37 - 2013-10-15 21:06 - 00000000 ____D () C:\ProgramData\Skype
2014-05-18 18:26 - 2013-09-01 13:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-18 18:26 - 2013-09-01 13:56 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-18 18:26 - 2013-09-01 13:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-18 18:26 - 2013-09-01 13:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-18 18:15 - 2013-08-31 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-18 18:09 - 2013-08-31 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-18 18:04 - 2013-09-03 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-18 17:55 - 2014-05-17 21:22 - 00000000 ____D () C:\Windows\pss
2014-05-18 17:50 - 2013-09-11 17:45 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956058397-3388249811-2426527803-1000Core.job
2014-05-18 17:50 - 2013-09-02 17:18 - 00000000 ____D () C:\Users\Elvita\AppData\Local\CrashDumps
2014-05-18 17:28 - 2013-08-31 17:58 - 00000000 ____D () C:\Users\Elvita
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\schemas
2014-05-18 15:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-18 15:23 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 15:23 - 2013-12-11 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-18 15:23 - 2013-11-24 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2014-05-18 15:23 - 2013-11-24 15:08 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-05-18 15:23 - 2013-11-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Internet Explorer 10
2014-05-18 15:23 - 2013-11-12 21:07 - 00000000 ____D () C:\Program Files (x86)\Download Internet Explorer 10
2014-05-18 15:23 - 2013-10-26 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 15:23 - 2013-10-26 12:24 - 00000000 ____D () C:\Users\Elvita\AppData\Local\Google
2014-05-18 15:23 - 2013-10-26 12:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 15:23 - 2012-01-27 12:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-18 15:23 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-05-18 15:23 - 2011-07-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Roxio
2014-05-18 15:23 - 2011-07-12 21:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-18 15:23 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 15:23 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-18 15:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-18 15:22 - 2012-01-27 13:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-18 15:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-05-18 15:09 - 2012-01-27 12:45 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-18 15:09 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-18 15:09 - 2011-07-12 21:24 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-18 13:48 - 2014-05-18 13:48 - 00000000 ____D () C:\inetpub
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieUserList
2014-05-17 21:36 - 2014-05-17 21:36 - 00000000 __SHD () C:\Users\Elvita\AppData\Local\EmieSiteList
2014-05-17 21:29 - 2014-05-17 21:29 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\InstallShield
2014-05-17 20:56 - 2013-11-24 15:08 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\Open Download Manager
2014-05-17 18:45 - 2014-03-23 14:32 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-17 18:44 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Users\Elvita\AppData\Local\Conduit
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Program Files\Conduit
2014-05-17 18:38 - 2014-03-23 14:31 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-05-17 18:38 - 2013-11-24 15:12 - 00000000 ____D () C:\Users\Elvita\AppData\Roaming\52926c31e56da1a935000c10
2014-05-17 18:38 - 2013-11-06 02:58 - 00000000 ____D () C:\ProgramData\Wincert
2014-05-17 18:38 - 2013-11-06 02:57 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-05-17 18:34 - 2013-11-06 18:25 - 00000000 ____D () C:\ProgramData\Big Fish
2014-05-17 18:34 - 2013-11-06 18:07 - 00000000 ____D () C:\BigFishCache
2014-05-17 18:10 - 2014-05-17 18:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 18:05 - 2014-05-17 18:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 18:05 - 2014-05-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 18:03 - 2014-05-17 18:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elvita\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 17:49 - 2014-05-17 17:49 - 00000000 ____D () C:\Users\Elvita\AppData\Local\BrowserSafeguard
2014-05-15 01:19 - 2013-09-15 15:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-15 01:19 - 2013-09-01 13:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-09 00:14 - 2014-05-18 15:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:11 - 2014-05-18 15:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 22:40 - 2014-05-22 07:51 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 22:17 - 2014-05-22 07:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 21:25 - 2014-05-22 07:50 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 21:07 - 2014-05-22 07:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 21:00 - 2014-05-22 07:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 20:10 - 2014-05-22 07:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2013-08-31 19:05 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-01 00:15 - 2013-08-31 18:13 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForELVITA-HP$
2014-05-01 00:15 - 2013-08-31 18:13 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForELVITA-HP$.job
 
Some content of TEMP:
====================
C:\Users\Elvita\AppData\Local\Temp\dlLogic.exe
C:\Users\Elvita\AppData\Local\Temp\nsk80A9.exe
C:\Users\Elvita\AppData\Local\Temp\nskA710.exe
C:\Users\Elvita\AppData\Local\Temp\nsp7AFD.exe
C:\Users\Elvita\AppData\Local\Temp\nsuAEED.exe
C:\Users\Elvita\AppData\Local\Temp\spstub.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 08:08
 
==================== End Of Log ============================