
Can download but cannot install -- still infected? [Solved]

Painfully Slow

  • This topic is locked
91 replies to this topic

#1 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 14 April 2014 - 09:12 AM

Hello all,

I have been trying to post the logs here to get my topic started but have been so far unsuccessful and I wanted to see if I can get any insights so that I may.

A neighbor has asked me to look at their computer. It was totally locked up and not able to do anything.

It has Windows Vista, Intel Centrino and I believe 4 GB RAM. AVG

I am hoping it will not need a reformatting.

I was able to delete a lot of their start ups (except TuneUp something.....I can't find it in add/remove nor in startup file.) This helped with boot.

I deleted ERROR End, a program they wanted to keep. I felt it was causing issues and looked into it and was validated. Once this was gone speed picked up a little and got on the web (but painfully slow to open).

I downloaded Malwarebytes and ran it. It got rid of a couple issues. AVG and Malwarebytes come back clean. I ran CCleaner and that helped clear out some items as well. Also was able to run Glary. I was unsuccessful at running ESET (error 101 on dl of database) or Kaspersky online scanner (Failed to install). Things were able to be downloaded but not installed. (I think I saw a brief flash once regarding a Windows installer failed message????)

I tried to run Hijack This so I could open a topic. But I keep getting an install error when I try to run HJT. Finally, I went back here and noticed OTL. I started running that last night about 7 pmish and it was still going this am. I stupidly noticed I did not check the boxes.

I shut it all down and started the scan over fresh about 7:15 am this morning. It was still running at 8:30 am when I unfortunately had to leave for work. I am hoping it will be done so I can post the logs when I get back.

Just wanted the background noted and was hoping for some insight into options (Especially if the scan fails.)

Any help would be greatly appreciated,

Thanks,

mickey7




#2 mickey7


Posted 14 April 2014 - 05:06 PM

 The logs were in fact done. Here is the Extras.txt:

 

OTL Extras logfile created on: 4/14/2014 7:09:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\viccherry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.54% Memory free
8.10 Gb Paging File | 6.00 Gb Available in Paging File | 74.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 104.43 Gb Free Space | 47.86% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.58 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
 
Computer Name: VICCHERRY-PC | User Name: viccherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 1F E0 E5 F8 96 93 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002E9FDD-853D-49A8-BAEC-58F749B17CE8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1621B1AD-32B5-47F4-9FA8-03DBE11C6E58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1D1EE6CC-F156-45BE-8383-D96888A92183}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{1ECA3C5D-60CE-4BFE-8C3A-90138A3C7347}" = lport=10243 | protocol=6 | dir=in | app=system |
"{203521B6-8BBF-4907-8008-67DBF5A7F6D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{28DA8244-2005-4AF6-B0F3-4FBC8CE350D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{31C92242-43F4-4C16-8E1A-AEC4A0FE8274}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{3BF0511A-86EC-4C49-A5BC-7F585FCB277B}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{66A29EB8-B3EA-4871-8F26-EA79D2EA22C1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F528F62-7904-4708-B381-85A731D87ABA}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{7DED0327-A407-442E-AF7C-FC8E0CD91A2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8B3907F7-51CE-4C67-ACF4-2B737E600789}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8CBAF75E-F0D4-4708-A362-DD73F0CA0916}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{940F6A13-57F4-42EA-A86C-6F1AF7091BC2}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{9B2E9550-8B0D-4D8C-B19D-1443C3EB03F3}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{B90E76E9-08CE-4F60-8F80-9D97411B8E5F}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
"{D0B8261B-ED4D-448A-AA47-74C773948B71}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E2F870CC-CE70-4055-B761-2E2445EC89F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E3FCB1EF-6555-43BE-AE1E-4E1D03DFD968}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FA88EC03-737A-4967-8481-3E039608193E}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A9271F-FBDB-4763-8B19-3EB0101C9217}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12E53E17-BB46-4218-AE7C-3B45615F0804}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{15E6B7D4-323D-420F-8892-6EE6862C5617}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{1CAEFF7B-64FD-44B1-8D91-5CDE1A493C75}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{1FB32D5E-2557-4A9F-83EC-03E34CA24668}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{25B4AAD4-AC61-4E0A-A308-DF637D7A9FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{276BAFAA-33FD-4A9F-B7A9-D96784B9ACF4}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{2A9F9CC6-0299-48F5-B5E3-4821CF46C959}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{2D0D04F1-5CD3-4134-8E7A-6EC127459D32}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{2E1CA6CE-C799-40C7-B4DF-E8023BF67CAB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{34F501F6-877D-4069-991B-7FB80BD523E8}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{35DECB9E-8EBC-4613-B89A-06E6F3209EC2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3D0AF7DD-2CBC-476E-A9EB-D036B844B633}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{424D2280-A635-427D-9680-CA9B3CBC8DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{458A0391-AE37-4F87-AEB4-1365C1431B46}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{4B4F9542-9839-4D52-BE12-81F2778435C9}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{4C10D70F-A84B-4A44-9B53-5FAEFB3F0836}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4FA4E594-5076-48DB-8678-957B7594F3AB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{571A634D-7170-4F3B-B3B8-1E7264A9A5C8}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{5726F802-AA21-47C4-89CE-60FDD8976B4D}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{6037EE93-66BF-4659-A4F4-A8E0244A1AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{64779C45-0230-4396-9A7D-440E69EFBDB3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{68DBCBDF-58C8-47A9-B2B1-BD06FB604095}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6AAF58AA-146D-4AE4-B1E1-52C4CC4BBFF1}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{6B98BEBC-A462-434A-B516-851BC396F2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{6C5895F8-ED24-4C4F-9308-5D298861D82B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{6E49C7FA-5F44-46C4-9E2A-E37D2DB9A69B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6F3465A7-CA48-4EA4-AB4A-BD489BBA3180}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{75A29450-DB2A-47CA-A07C-8905E25DEE81}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{76F714D5-4F37-47AB-B7F9-88F442C367DF}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{7CC6B7C3-850C-49A8-9D20-8BB16634AA20}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7D7D1EDF-9555-4553-96B4-68CECC262B3C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{7DF607C9-BFE8-4174-9D58-61E5769D664F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8BA9F8EA-B8C8-46BB-82F6-1DDE8E6CC084}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{8DDA636C-BEC9-42E8-B7BC-70A7A99C5F03}" = protocol=6 | dir=out | app=system |
"{9285AE12-4E19-4940-BE3E-666C85FBF4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{95B946AB-3BB8-4E97-B206-D580B5F241CB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{978E9AF9-C1EA-464A-BA75-D486574A47EC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A9A01DD-CBD7-43A3-92BA-2B99ABA8A664}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9B366E92-3E7F-4B72-9158-465403C3C3D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{9FF0F4D1-4FB0-48FC-B9F9-FEE4B70B0332}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A0CCD2A2-9F49-4293-8DD6-632FD89A2701}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{A4C716BE-0F8E-422F-B9FF-C85A71AF0E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A8D9B1B7-ADC3-43FC-8F3C-AB263F247DBD}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{AE597A0A-CE2A-4352-83EC-482F62C896F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B5C76ECD-28AB-47DE-B24E-0305B99A4395}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B5F46DC6-E8CB-40E8-8652-0EF2F82DC27D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB85639A-9A71-4416-A3C5-560D3912CC77}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{BEA44DBC-BFA2-430F-A704-8CA14D382BC7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C0022FD1-0F30-4684-B1E5-FE14B6740E8A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C32E36E5-FF09-404A-BF57-8D83FA5970FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{C4333A3E-BE7D-4C84-8B52-229D3457F10C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{CBF82B76-A2A3-4483-BAC7-D6F9F9E0577E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{CD129B34-37B8-45FD-B700-6A79F2753FDA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{CD244029-DDA3-4C49-8A54-79DA76B46939}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{CFA486AE-AD9C-4AA8-A7F6-ED37CF9D63F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{D1AA7905-7C45-4A17-9DF1-1A1F258181B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D2366752-67B1-49ED-80B1-22A92EFC16D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D3E23B38-E2A3-419D-9FAA-DC3A6B27CFD1}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D5AFAFBC-248E-494F-BD2E-22BF2FFC20C9}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{E444CF82-DB91-4688-90DD-30DE61C1F77E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{E79973D8-C742-4765-9845-DA9661F8DCEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E92E91C1-35B8-48B8-B42B-CD214A724DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v310-v510 series\dleafax.exe |
"{EC681771-C302-4916-8DBA-73226378DB60}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v310-v510 series\dleafax.exe |
"{F5AE45D1-FAD2-4F08-AFE6-1CA6A968C914}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{F5D8A8B0-5944-4566-B387-5D64798AEBF0}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{F6D9A786-F4AC-4BA2-9279-2A05A7931836}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{FB6F92EB-A6C0-4CF7-BDDA-547608EA036D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FB775EA8-9055-414A-ACCF-1524D060A630}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{FD498021-6842-4A1C-A216-D49AFA56BB9A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{FEFE941B-AF62-47AE-B9D9-0D404DFE29D4}" = dir=in | app=c:\windows\system32\dleacoms.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8CE63B30-E812-4E58-9698-8C571BDA6162}" = AVG 2013
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EF13DB20-03BE-4EDD-9C48-05ED03E3E852}" = AVG 2013
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Dell V310-V510 Series" = Dell V310-V510 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13BBBB38-22D8-4BF1-80CA-7D54152C2980}" = WebSlingPlayer ActiveX
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.5
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51FC5315-20D4-4B6D-89B4-8776DC5A12CA}" = H&R Block Pennsylvania 2009
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B9D627D-4100-403C-961B-6C67B63DA224}" = H&R Block Pennsylvania 2011
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = AtHomeConnect version 1.0.1.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F6E3FF9-51FB-4C97-B277-5505D91F675C}" = H&R Block Pennsylvania 2010
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}" = H&R Block Pennsylvania 2012
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Registry Repair" = Registry Repair 4.1.0.388
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" =  Updater
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/14/2014 7:00:03 AM | Computer Name = viccherry-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/14/2014 7:00:23 AM | Computer Name = viccherry-PC | Source = profsvc | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.
 
Error - 4/14/2014 7:00:39 AM | Computer Name = viccherry-PC | Source = profsvc | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.
 
Error - 4/14/2014 8:51:15 AM | Computer Name = viccherry-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 4/14/2014 8:59:55 AM | Computer Name = viccherry-PC | Source = VSS | ID = 13
Description =
 
Error - 4/14/2014 8:59:55 AM | Computer Name = viccherry-PC | Source = VSS | ID = 8193
Description =
 
Error - 4/14/2014 9:00:00 AM | Computer Name = viccherry-PC | Source = System Restore | ID = 8193
Description =
 
Error - 4/14/2014 12:04:36 PM | Computer Name = viccherry-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 4/14/2014 2:03:45 PM | Computer Name = viccherry-PC | Source = Windows Search Service | ID = 3100
Description =
 
Error - 4/14/2014 2:18:39 PM | Computer Name = viccherry-PC | Source = Windows Search Service | ID = 3100
Description =
 
[ System Events ]
Error - 4/14/2014 9:46:08 AM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 4/14/2014 9:57:47 AM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 4/14/2014 9:57:47 AM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 4/14/2014 2:46:23 PM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 4/14/2014 2:46:26 PM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 4/14/2014 3:47:12 PM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 4/14/2014 3:47:12 PM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 4/14/2014 4:25:19 PM | Computer Name = viccherry-PC | Source = DCOM | ID = 10010
Description =
 
Error - 4/14/2014 4:47:13 PM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 4/14/2014 4:47:13 PM | Computer Name = viccherry-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
 



#3 mickey7


Posted 14 April 2014 - 05:07 PM

and here is the OTL.txt log:

 

OTL logfile created on: 4/14/2014 7:09:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\viccherry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.54% Memory free
8.10 Gb Paging File | 6.00 Gb Available in Paging File | 74.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 104.43 Gb Free Space | 47.86% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.58 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
 
Computer Name: VICCHERRY-PC | User Name: viccherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\viccherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Common Files\Dell\apache\php.exe (The PHP Group)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Windows\SysWOW64\DLEAsmr.dll ()
MOD - C:\Windows\SysWOW64\DLEAsm.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\bin\zlib1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater18.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hnmsvc) -- C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uvnc_service) -- C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79EBD815-735B-4501-9798-B6FB68628A71}
IE:64bit: - HKLM\..\SearchScopes\{79EBD815-735B-4501-9798-B6FB68628A71}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {B5DE1913-E399-483E-9FCA-3DDF85011525}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...1-0023AE234BC6}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{3A706E37-3768-44F8-89D1-B96B6011B6EB}: "URL" = http://search.yahoo....&fr=chr-gl-gen1
IE - HKCU\..\SearchScopes\{5A11508C-7E5E-446B-929C-03197C40EE40}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5B884C15-13DB-4B51-A87E-F12B2D439BE7}&mid=58547acb9f7f4519162bd2354df15e1c-e92b75959ee62bfb6234d3af093a7ba4758ac9a1&lang=en&ds=AVG&pr=pr&d=2012-04-22 20:57:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AE71F40B-123D-49B7-8990-8AD85DD59C9E}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{B5DE1913-E399-483E-9FCA-3DDF85011525}: "URL" = http://search.condui...7534550287&UM=2
IE - HKCU\..\SearchScopes\{C18EA064-B948-4077-BD6A-AB94630083C1}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...006.10042&st=23
IE - HKCU\..\SearchScopes\{F8DEEF26-329F-4DCB-B7D9-27759FB661FB}: "URL" = http://websearch.ask...CE-900758F3A54C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\viccherry\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\viccherry\AppData\Roaming\Move Networks [2014/03/29 10:49:31 | 000,000,000 | ---D | M]
 
[2014/04/09 20:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Extensions
[2014/04/11 18:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Firefox\Profiles\n5jkhikp.default\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Docs = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Unit) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\RunOnce: [Uninstall C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002E2311-6495-440E-A2F9-05B194EBE752}: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45EBB82-E1FA-408C-9131-9C41D02B34E6}: DhcpNameServer = 192.168.2.113 4.2.2.2
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/13 20:53:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 19:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/04/11 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/04/11 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014/04/11 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2014/04/09 21:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/09 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2014/04/09 20:10:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\Mozilla
[2014/04/09 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Mozilla
[2014/04/09 19:33:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/04/09 19:33:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/09 19:33:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/09 19:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/09 19:33:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/09 19:33:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/09 19:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/04/09 19:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/04/09 19:33:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/09 19:33:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/09 19:33:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/09 19:33:09 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/09 19:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/09 19:33:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/09 19:33:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/09 19:13:24 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/09 18:44:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/07 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/04/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/07 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/07 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{38B8547E-9B0A-47BA-95CA-CA6A46906379}
[2014/04/07 19:53:15 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 19:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/07 19:53:03 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/07 19:53:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/07 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{C35BC776-AD27-4FA7-9EAA-7EF225D9C473}
[2014/04/02 18:15:44 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{8266DBFC-84E6-42F6-993D-9316823ADAEF}
[2014/04/01 20:40:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/04/01 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{FFEC9C09-2504-44E5-A900-551BE987D180}
[2014/03/31 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{B937B2F6-BEC8-4CE3-ABB0-FDDA9A252A31}
[2014/03/30 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{4413BCE3-9B76-41E6-9367-CF0070183368}
[2014/03/30 11:25:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{75D1D2C9-5EF2-4EA1-A639-F1E9E3CB284C}
[2014/03/30 09:43:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{46937EE7-8938-43D9-8BEE-10C8061C10CF}
[2014/03/30 08:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/30 08:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/30 08:46:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/29 16:55:54 | 001,111,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/29 16:55:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/29 16:29:41 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/29 16:29:41 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/29 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{CBEEC01E-86CD-45D6-93B6-FFA3F97DA19E}
[2014/03/29 06:20:33 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{5F6F5A9B-C0CC-4405-83C2-40F51FD25BA2}
[2014/03/28 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{67ACA017-089F-45FF-9C62-919B907287FC}
[2014/03/24 22:36:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{3F3E0AD0-84F0-4CDA-AB62-0B1D0CA2D6A4}
[2014/03/20 14:50:52 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/17 22:08:37 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{A19E3834-7C3A-4042-BD21-F967AFA1612E}
[2009/08/13 05:30:52 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\viccherry\AppData\Roaming\DataSafeDotNet.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/14 10:59:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/14 10:59:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/14 10:28:47 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/14 09:46:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/14 06:58:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/14 06:58:38 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/13 20:44:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 15:05:10 | 001,402,880 | ---- | M] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | M] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | M] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/09 18:51:57 | 000,003,759 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2014/04/09 18:51:37 | 000,000,290 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2014/04/09 18:50:42 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014/04/09 18:41:33 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/04/07 21:45:14 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/07 19:07:20 | 000,656,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 19:07:20 | 000,124,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 19:07:14 | 000,777,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/03 09:51:12 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/30 16:28:30 | 000,000,732 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/03/30 10:53:32 | 000,006,756 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
[2014/03/30 10:53:24 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/03/30 09:37:16 | 000,283,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/30 08:48:15 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 12:49:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/29 12:49:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/20 14:50:52 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/13 17:41:01 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/13 14:40:36 | 001,402,880 | ---- | C] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | C] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | C] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/07 21:45:14 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/07 21:45:14 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 08:48:15 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 17:47:31 | 000,000,732 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/02/25 04:07:13 | 000,771,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/14 19:16:06 | 000,002,802 | ---- | C] () -- C:\Users\viccherry\AppData\Roaming\wklnhst.dat
[2009/05/13 21:37:59 | 000,008,248 | ---- | C] () -- C:\Users\viccherry\AppData\Local\en.ini
[2009/04/26 20:00:20 | 000,005,632 | ---- | C] () -- C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 19:34:05 | 000,006,756 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/03 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG
[2013/01/21 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG2013
[2011/05/05 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG9
[2013/07/22 17:51:15 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/11 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 19:16:22 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/03/29 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\MediaMonkey
[2014/03/29 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\pdf995
[2013/09/13 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\SanDisk SecureAccess
[2011/10/02 16:44:06 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Sling Media
[2013/03/24 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\TaxCut
[2009/06/14 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Template
[2012/05/26 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\TuneUp Software
[2010/04/20 14:16:36 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\V310-V510 Series
[2009/04/13 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\WildTangent
[2009/10/23 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
 
< MD5 for: EXPLORER.EXE.MUI  >
[2006/11/02 11:13:38 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2006/11/02 11:13:38 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6a2f0af76374ed51\explorer.exe.mui
[2006/11/02 11:13:32 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=872D519975CA4D7CC596FC93470D49E0 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 11:13:32 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=872D519975CA4D7CC596FC93470D49E0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fda60a52f142b56\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2014/04/14 07:12:31 | 000,124,842 | ---- | M] () MD5=49A618B6ABB44A5405EB1EFD055C4B03 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf
 
< MD5 for: IEXPLORE.EXE  >
[2009/03/08 17:09:11 | 000,661,344 | ---- | M] (Microsoft Corporation) MD5=7A81E0CECAE7B98459A073981F0124D5 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_6e6bbde6e827625c\iexplore.exe
[2013/02/02 04:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_b50fefc6bd56ad35\iexplore.exe
[2009/08/27 09:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_794538ba35a87543\iexplore.exe
[2012/10/03 18:53:29 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=7FC9E840B32E9DFBFBBA92BA5E9B97C2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20562_none_bf7c3a84f1a569fc\iexplore.exe
[2010/02/23 03:03:07 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=81AF4A1549710310E56B43C4D3F3657C -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_6e6dc246e8258f58\iexplore.exe
[2010/09/08 02:49:26 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=827BE3F3C80787B00F19E36B19531197 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_6e23131ce85d6c46\iexplore.exe
[2009/04/24 12:32:29 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=8679C8CD9690758AF0984290A1843E72 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_89655160d55d0068\iexplore.exe
[2009/03/15 00:34:04 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=88BC0B30EE1C0344119778A6E8F2509F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_89908f2ad53c937d\iexplore.exe
[2010/01/02 02:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_7869eabf1cc90106\iexplore.exe
[2012/11/14 01:19:40 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=8ACFFA754B6ED028B8689CAD00FC2BCB -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20565_none_b52a9110bd41f406\iexplore.exe
[2009/11/21 02:53:25 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=8ADB04E86E8A38307D0663CD002BFFD1 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_6e2de122e855532e\iexplore.exe
[2009/03/03 00:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_961169b0201311a9\iexplore.exe
[2009/03/15 00:23:03 | 000,709,408 | ---- | M] (Microsoft Corporation) MD5=8BC05A19FA4C19025D564A2201709F70 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_8a155fabee5ce469\iexplore.exe
[2010/12/18 02:56:48 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=8F69AE4F1AC2E1D2C34348D519007A2C -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_6e67cbeee8295d3e\iexplore.exe
[2011/04/01 17:10:50 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_bf1cdd1fd8684117\iexplore.exe
[2010/11/02 03:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_78e78f7635efd6ac\iexplore.exe
[2014/03/07 22:07:19 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=9399B893A565637F9C21D069571FED6B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20656_none_b536632cbd38ee93\iexplore.exe
[2009/03/15 00:42:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_93c6c86709b3ded2\iexplore.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2012/10/03 19:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=96A360002311ECE53952AF2F5B4CD64E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16455_none_bf006e83d87cfa46\iexplore.exe
[2010/05/04 02:59:11 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=9D0512508DBDD31DA29BC05941417101 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_6ef166d40146ffe1\iexplore.exe
[2009/03/03 00:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_95c5ab8f06c77e34\iexplore.exe
[2009/03/15 00:40:57 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_946606f022c143e1\iexplore.exe
[2010/02/23 02:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_78c26c991c865153\iexplore.exe
[2013/05/16 21:46:47 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A1397D2A4924C390E55D146FB45FDF7C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_b566710cbd15cad4\iexplore.exe
[2013/04/04 21:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16483_none_b48953d9a4365970\iexplore.exe
[2013/02/02 00:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_bf649a18f1b76f30\iexplore.exe
[2013/11/14 22:07:29 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=A4CC57C4374AF6D8B8C532199A3D9B6C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20637_none_b54d034ebd27d008\iexplore.exe
[2013/07/31 10:22:10 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A818D637533302BA58C685F332388FC0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16506_none_b4e2d5fda3f2c314\iexplore.exe
[2013/05/16 18:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_bfbb1b5ef1768ccf\iexplore.exe
[2013/02/02 03:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_b49122e7a430f17a\iexplore.exe
[2009/03/03 00:36:03 | 000,712,888 | ---- | M] (Microsoft Corporation) MD5=AA8005889396DF530BCDF0E2AA0E7A04 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_8a1136a5ee60b24f\iexplore.exe
[2013/07/31 06:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16506_none_bf37804fd853850f\iexplore.exe
[2008/01/20 22:50:37 | 000,701,952 | ---- | M] (Microsoft Corporation) MD5=AC2C3BAFD177B60C3B5E4DDBCC2C2DB3 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_8b809b8cd25bf1ff\iexplore.exe
[2013/05/29 02:24:18 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=AFF2C99AD2C599108B6BD9E77C24B463 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16496_none_b48184cba43bc166\iexplore.exe
[2013/02/22 03:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20586_none_b515f182bd51453f\iexplore.exe
[2009/03/08 17:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_78c068391c882457\iexplore.exe
[2010/01/02 11:15:56 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=B7ECFA3A546360E2A39ADBE1D773F3DC -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_6eaaad6e017cdc3b\iexplore.exe
[2013/10/13 08:41:01 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=B7FF42AE9760F3F0CC8EF2056A7BC372 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20631_none_b5470192bd2d37fe\iexplore.exe
[2010/12/18 02:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_78bc76411c8a1f39\iexplore.exe
[2012/06/02 04:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_bf880abaf19c6762\iexplore.exe
[2013/04/04 17:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_bf5ccb0af1bcd726\iexplore.exe
[2009/03/15 00:12:28 | 000,709,800 | ---- | M] (Microsoft Corporation) MD5=C06D959943F4E6CEC8FF0484B1440F84 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_8a0a8fbfee65005a\iexplore.exe
[2014/02/05 06:01:30 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=C24DA744AD59EF3A87380F0A75D2E580 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20644_none_bf93dcd6f19361ef\iexplore.exe
[2009/07/21 17:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_78b69a7d1c8f56c6\iexplore.exe
[2009/07/21 18:12:12 | 000,660,744 | ---- | M] (Microsoft Corporation) MD5=C45FA4DA458E0B3C9636B09488029BDD -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_6e61f02ae82e94cb\iexplore.exe
[2013/04/04 20:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_b50820b8bd5c152b\iexplore.exe
[2010/01/02 03:09:58 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=C9256212D298D96FE0F63D69ECD9CE97 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_6e15406ce8683f0b\iexplore.exe
[2013/05/29 01:56:53 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=C9C29508A433DAF0118D28C4F38CDDFC -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20606_none_b56c72c8bd1062de\iexplore.exe
[2009/08/27 10:04:11 | 000,660,744 | ---- | M] (Microsoft Corporation) MD5=CBDEB65EDCC5E574F43F1EF79E54C8A1 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_6ef08e680147b348\iexplore.exe
[2010/02/23 12:03:02 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=D1978C9901DAA9A1C2EE78A707B1449A -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_6e970e2a018b46cb\iexplore.exe
[2009/04/24 12:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_945341fe22cef831\iexplore.exe
[2010/09/08 02:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_7877bd6f1cbe2e41\iexplore.exe
[2009/03/15 00:34:04 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=D5A7B74CA0826CF5BCE4AE0152231A9B -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_89eb1e5fee7c705d\iexplore.exe
[2009/04/24 12:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_965c1ac01fdb31e2\iexplore.exe
[2009/01/15 00:50:38 | 000,709,800 | ---- | M] (Microsoft Corporation) MD5=D6F4816C6B7BE9A125E138B903C2B0EF -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_89a3634cd52d3f6b\iexplore.exe
[2009/03/03 01:02:08 | 000,712,872 | ---- | M] (Microsoft Corporation) MD5=D7379B3EF7C87578F8966FF5C7B46E9D -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_8bbcbf5debb24fae\iexplore.exe
[2009/03/15 00:12:28 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_93b22abf09c32d32\iexplore.exe
[2010/09/08 03:28:01 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=D93AB1673986658EF1931FA751BCCF69 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_6eb956a4017158e8\iexplore.exe
[2013/02/02 00:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_bee5cd39d891b375\iexplore.exe
[2013/07/31 09:01:01 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=E1D016741AA03A959586A7818595BF46 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20617_none_b562a326bd179826\iexplore.exe
[2009/11/21 11:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_7917f87635cab259\iexplore.exe
[2010/06/26 02:31:23 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=E9D8A71AFDCA528A184C1498E22A8241 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_6e41824ce846e5c5\iexplore.exe
[2009/03/03 00:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_93ce9b4109ae712a\iexplore.exe
[2013/05/28 22:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16496_none_bed62f1dd89c8361\iexplore.exe
[2013/01/08 20:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20573_none_b51dc090bd4bdd49\iexplore.exe
[2013/01/08 17:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20573_none_bf726ae2f1ac9f44\iexplore.exe
[2010/06/26 02:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_791c9ec835c831a0\iexplore.exe
[2009/01/15 00:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_941d5a4022f750a4\iexplore.exe
[2011/04/01 17:10:32 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_b4c832cda4077f1c\iexplore.exe
[2009/04/24 12:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_95b20c4b06d5e8c4\iexplore.exe
[2010/11/02 03:42:15 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=F686191623AC22EE2521C2D17157B199 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_6e92e524018f14b1\iexplore.exe
[2012/11/13 22:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20565_none_bf7f3b62f1a2b601\iexplore.exe
[2013/09/22 08:14:29 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=F87E95A127E83277B9AE500D7A18C998 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20625_none_bfaa7cf8f1824364\iexplore.exe
[2010/06/28 14:17:01 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=F896A6A9965B9C64061BE97F6D84B075 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_6ec7f47601676fa5\iexplore.exe
[2012/05/17 21:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_b5315fd4bd3d72b9\iexplore.exe
[2013/09/22 11:48:47 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=F980F2E95E0434C8E0559B6504FE1D10 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16514_none_b4d6057da3fcac57\iexplore.exe
[2013/11/14 19:20:23 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=FA58195587EC371699D9641C3E275856 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20637_none_bfa1ada0f1889203\iexplore.exe
[2013/07/24 23:58:46 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=FA5B33E7BB143BCE846C303B528E8D62 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_b4ded4d5a3f65db8\iexplore.exe
[2010/12/18 03:54:56 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=FC6DC0E786A4D2E7DA6E9C012ED2E64F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_6ee9666a014e3250\iexplore.exe
[2012/11/14 03:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16457_none_b4adc4c5a41a6af9\iexplore.exe
[2009/04/24 12:23:20 | 000,711,448 | ---- | M] (Microsoft Corporation) MD5=FD4E1EF226A34D093AAD475B94C5E36E -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_8b5d61f8d27526c9\iexplore.exe
[2009/07/22 02:30:13 | 000,660,744 | ---- | M] (Microsoft Corporation) MD5=FDCF656D4B4E116D9C932AD2868FD811 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_6ef65ce2014418a4\iexplore.exe
[2014/02/05 07:09:08 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=FE56790B5C1930FD93F58DE3E87B0E63 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20644_none_b53f3284bd329ff4\iexplore.exe
[2009/03/15 00:23:03 | 000,709,408 | ---- | M] (Microsoft Corporation) MD5=FF441810C3CA6DC897CB322F60A6902F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_896b5136d5579b4b\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 18:15:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=11E9431B29BD64A1FB13369BB8AD4116 -- C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_7c9630f422ee47f7\iexplore.exe.mui
[2011/04/01 17:10:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2011/04/01 17:10:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_ae74c844dbb4c003\iexplore.exe.mui
[2006/11/02 11:13:34 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a1c8f6f0449888c1\iexplore.exe.mui
[2011/04/01 17:10:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2011/04/01 17:10:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_b8c97297101581fe\iexplore.exe.mui
[2009/03/08 17:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_86eadb46574f09f2\iexplore.exe.mui
[2006/11/02 11:13:29 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D421BD7B9646679254B0D855823C6F21 -- C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_97744c9e1037c6c6\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-A033F7A0.PF  >
[2014/04/13 10:08:50 | 000,019,074 | ---- | M] () MD5=01622556C7D56ACB8BDD27677B28B394 -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf
 
< MD5 for: SERVICES  >
[2006/09/18 17:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 02:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 11:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 11:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 11:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 11:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui
 
< MD5 for: SERVICES.EXE-7FDA2469.PF  >
[2014/03/29 06:02:56 | 000,052,098 | ---- | M] () MD5=281CEADEEC157523161606A0A0A7BC93 -- C:\Windows\Prefetch\SERVICES.EXE-7FDA2469.pf
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 23:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 23:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 17:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 17:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof
[2006/09/18 17:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 11:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2006/09/18 17:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006/11/02 11:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006/11/02 11:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc
[2006/09/18 17:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006/11/02 11:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2008/01/20 22:52:39 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=1DB95B0920FA9783476AC46F187C06F6 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2008/01/20 22:52:39 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=1DB95B0920FA9783476AC46F187C06F6 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_27172d0ebc73e370\winlogon.exe.mui
[2008/01/20 22:52:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\SysWOW64\en-US\winlogon.exe.mui
[2008/01/20 22:52:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 11:13:52 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=2D30AB05DBA78517B34C0AAC71DF5299 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_24e06b12bf88d29c\winlogon.exe.mui
[2006/11/02 11:13:03 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-DEDDC9B6.PF  >
[2014/03/30 09:37:45 | 000,059,370 | ---- | M] () MD5=BEF0F1322E483BBB962D2906579C4851 -- C:\Windows\Prefetch\WINLOGON.EXE-DEDDC9B6.pf
 
< MD5 for: WINLOGON.MOF  >
[2006/09/18 17:38:40 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\SysNative\wbem\winlogon.mof
[2006/09/18 17:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\SysWOW64\wbem\winlogon.mof
[2006/09/18 17:38:40 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_da20a358315a3dca\winlogon.mof
[2006/09/18 17:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/06/03 19:28:41 | 000,000,804 | ---- | M] () -- C:\$R19YHM5.lnk5z818
[2014/01/24 16:06:40 | 000,000,339 | ---- | M] () -- C:\1404147.lnk30854
[2010/04/18 19:37:51 | 000,002,044 | ---- | M] () -- C:\ABBYY FineReader 6.0 Sprint.lnkui830
[2011/10/17 18:23:17 | 000,001,673 | ---- | M] () -- C:\About Bonjour.lnkhs826
[2014/01/24 16:01:09 | 000,000,311 | ---- | M] () -- C:\AdvancedViewer.lnkro899
[2014/01/24 16:06:40 | 000,000,487 | ---- | M] () -- C:\AInfoBottom.lnke9903
[2014/01/24 16:06:12 | 000,000,582 | ---- | M] () -- C:\baginfo.lnk4y907
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/06/24 06:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2014/01/24 16:01:09 | 000,000,179 | ---- | M] () -- C:\CD Drive (2).lnkxw917
[2013/06/03 20:21:14 | 000,000,193 | ---- | M] () -- C:\CD Drive.lnkqn921
[2014/01/24 15:41:22 | 000,000,253 | ---- | M] () -- C:\data (2).lnkbi89
[2014/01/24 15:41:22 | 000,000,360 | ---- | M] () -- C:\data.lnkbi94
[2009/08/21 05:28:54 | 000,001,962 | ---- | M] () -- C:\Dell Remote Access.lnkyk834
[2009/03/15 00:59:55 | 000,003,159 | RH-- | M] () -- C:\dell.sdr
[2014/01/24 15:44:25 | 000,000,473 | ---- | M] () -- C:\DocHead.lnkx4102
[2014/01/24 15:47:46 | 000,000,473 | ---- | M] () -- C:\DocInfo.lnkzj107
[2013/07/05 17:36:15 | 000,000,710 | ---- | M] () -- C:\DPA_Autopay_Form_Revised_pdf.iva1b9e.lnk7u111
[2013/07/05 17:03:08 | 000,000,000 | ---- | M] () -- C:\END
[2013/07/05 17:26:20 | 000,000,640 | ---- | M] () -- C:\Entry_aspx (1).wqcxr8m.lnkbf116
[2013/07/05 18:45:44 | 000,000,558 | ---- | M] () -- C:\Entry_aspx.jo7rkdv.lnk2l165
[2013/07/05 17:26:14 | 000,000,620 | ---- | M] () -- C:\Entry_aspx.mxsql6z.lnkxk169
[2014/04/14 06:58:38 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/24 16:05:57 | 000,000,579 | ---- | M] () -- C:\images.fix.lnkl7344
[2014/01/24 15:46:00 | 000,000,457 | ---- | M] () -- C:\Img.lnkts348
[2014/01/24 15:48:08 | 000,000,473 | ---- | M] () -- C:\ImgLeft.lnknw354
[2014/01/24 15:46:41 | 000,000,473 | ---- | M] () -- C:\ImgMain.lnkax359
[2014/01/24 15:52:49 | 000,000,470 | ---- | M] () -- C:\ImgTop.lnkl7364
[2013/06/03 20:21:14 | 000,000,299 | ---- | M] () -- C:\index.lnkbl369
[2013/07/05 18:14:01 | 000,000,710 | ---- | M] () -- C:\launch-download-manager_jnlp.gyyo2ut.lnkpm375
[2014/01/24 16:06:15 | 000,000,587 | ---- | M] () -- C:\metadata.blo.lnk4b452
[2014/01/24 16:06:04 | 000,000,587 | ---- | M] () -- C:\metadata.idx.lnke6593
[2014/04/14 06:58:34 | 274,145,279 | -HS- | M] () -- C:\pagefile.sys
[2014/01/24 15:52:14 | 000,000,465 | ---- | M] () -- C:\PInfo.lnk0a667
[2014/01/24 15:52:04 | 000,000,481 | ---- | M] () -- C:\ScriptInf.sif.lnk4e671
[2014/01/24 15:36:57 | 000,000,587 | ---- | M] () -- C:\sequence.blo.lnk44675
[2014/01/24 15:50:04 | 000,000,465 | ---- | M] () -- C:\Study.lnke9702
[2013/06/03 19:27:41 | 000,001,731 | ---- | M] () -- C:\Uninstall.lnkht838
[2014/01/23 22:25:07 | 000,001,055 | ---- | M] () -- C:\Uninstall.lnky4822
[2014/01/24 16:06:24 | 000,000,587 | ---- | M] () -- C:\view0001.dcm.lnkex706
[2014/01/24 16:06:20 | 000,000,587 | ---- | M] () -- C:\view0002.dcm.lnkye805
[2014/01/24 15:49:39 | 000,000,478 | ---- | M] () -- C:\ViewDocs.lnkux843
[2014/01/24 16:06:24 | 000,000,430 | ---- | M] () -- C:\w8159480.lnklk847
 
< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/12 10:26:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 1443-F5DB
 Directory of C:\
03/25/2009  03:44 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
03/25/2009  03:44 PM    <JUNCTION>     Application Data [C:\ProgramData]
03/25/2009  03:44 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
03/25/2009  03:44 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
03/25/2009  03:44 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
03/25/2009  03:44 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/25/2009  03:44 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
03/25/2009  03:44 PM    <SYMLINKD>     All Users [C:\ProgramData]
03/25/2009  03:44 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
03/25/2009  03:44 PM    <JUNCTION>     Application Data [C:\ProgramData]
03/25/2009  03:44 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
03/25/2009  03:44 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
03/25/2009  03:44 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
03/25/2009  03:44 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
03/25/2009  03:44 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
03/25/2009  03:44 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
03/25/2009  03:44 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
03/25/2009  03:44 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
03/25/2009  03:44 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
03/25/2009  03:44 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/25/2009  03:44 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/25/2009  03:44 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
03/25/2009  03:44 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
03/25/2009  03:44 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
03/25/2009  03:44 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
03/25/2009  03:44 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
03/25/2009  03:44 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
03/25/2009  03:44 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
03/25/2009  03:44 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
03/25/2009  03:44 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
03/25/2009  03:44 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
03/25/2009  03:44 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
03/25/2009  03:44 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
03/25/2009  03:44 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\RA Media Server
12/15/2009  05:13 PM    <JUNCTION>     Application Data [C:\Users\RA Media Server\AppData\Roaming]
12/15/2009  05:13 PM    <JUNCTION>     Cookies [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Cookies]
12/15/2009  05:13 PM    <JUNCTION>     Local Settings [C:\Users\RA Media Server\AppData\Local]
12/15/2009  05:13 PM    <JUNCTION>     My Documents [C:\Users\RA Media Server\Documents]
12/15/2009  05:13 PM    <JUNCTION>     NetHood [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/15/2009  05:13 PM    <JUNCTION>     PrintHood [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/15/2009  05:13 PM    <JUNCTION>     Recent [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Recent]
12/15/2009  05:13 PM    <JUNCTION>     SendTo [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\SendTo]
12/15/2009  05:13 PM    <JUNCTION>     Start Menu [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu]
12/15/2009  05:13 PM    <JUNCTION>     Templates [C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\RA Media Server\AppData\Local
12/15/2009  05:13 PM    <JUNCTION>     Application Data [C:\Users\RA Media Server\AppData\Local]
12/15/2009  05:13 PM    <JUNCTION>     History [C:\Users\RA Media Server\AppData\Local\Microsoft\Windows\History]
12/15/2009  05:13 PM    <JUNCTION>     Temporary Internet Files [C:\Users\RA Media Server\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\RA Media Server\Documents
12/15/2009  05:13 PM    <JUNCTION>     My Music [C:\Users\RA Media Server\Music]
12/15/2009  05:13 PM    <JUNCTION>     My Pictures [C:\Users\RA Media Server\Pictures]
12/15/2009  05:13 PM    <JUNCTION>     My Videos [C:\Users\RA Media Server\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\viccherry
03/25/2009  03:47 PM    <JUNCTION>     Application Data [C:\Users\viccherry\AppData\Roaming]
03/25/2009  03:47 PM    <JUNCTION>     Cookies [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Cookies]
03/25/2009  03:47 PM    <JUNCTION>     Local Settings [C:\Users\viccherry\AppData\Local]
03/25/2009  03:47 PM    <JUNCTION>     My Documents [C:\Users\viccherry\Documents]
03/25/2009  03:47 PM    <JUNCTION>     NetHood [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/25/2009  03:47 PM    <JUNCTION>     PrintHood [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/25/2009  03:47 PM    <JUNCTION>     Recent [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Recent]
03/25/2009  03:47 PM    <JUNCTION>     SendTo [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\SendTo]
03/25/2009  03:47 PM    <JUNCTION>     Start Menu [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu]
03/25/2009  03:47 PM    <JUNCTION>     Templates [C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\viccherry\AppData\Local
03/25/2009  03:47 PM    <JUNCTION>     Application Data [C:\Users\viccherry\AppData\Local]
03/25/2009  03:47 PM    <JUNCTION>     History [C:\Users\viccherry\AppData\Local\Microsoft\Windows\History]
03/25/2009  03:47 PM    <JUNCTION>     Temporary Internet Files [C:\Users\viccherry\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\viccherry\AppData\LocalLow
12/30/2010  08:56 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\viccherry\Documents
03/25/2009  03:47 PM    <JUNCTION>     My Music [C:\Users\viccherry\Music]
03/25/2009  03:47 PM    <JUNCTION>     My Pictures [C:\Users\viccherry\Pictures]
03/25/2009  03:47 PM    <JUNCTION>     My Videos [C:\Users\viccherry\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
03/14/2009  10:31 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/14/2009  10:31 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2009  10:31 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/14/2009  10:31 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/14/2009  10:31 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/14/2009  10:31 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
03/14/2009  10:31 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/14/2009  10:31 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2009  10:31 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
03/14/2009  10:31 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/14/2009  10:31 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/14/2009  10:31 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              79 Dir(s)  112,114,913,280 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/01 17:19:29 | 000,000,286 | -HS- | M] () -- C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/04/13 20:44:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
 



#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 16 April 2014 - 12:15 PM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


    Having said that.... Let's get going!!
    ----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

  • DDS.txt
  • Attach.txt
    ----------

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
    ----------

    Please download TDSSKiller
    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------

 
 

#5 mickey7


Posted 17 April 2014 - 07:55 AM

Hi Jeff,

Thanks for the help.

I was unable to start anything until I got back from work. I was able to download all 3 fairly easily.

I had trouble trying to run dds.

I got a dds.scr and setup.exe file when I downloaded those.

Bypassed that. Was able to run the tdsskiller from Kaspersky and that log is attached.

After which I tried to run the Adware... one. Kept hanging up.

Rebooted and was able to run it. But it took the night through to run it. That log will be posted in this posting.

I was unable to get dds running until I redownloaded it this morning. I started it at 7am ish my time and it was still running (green bar about 2/3 to 3/4 full) at 8:30 am when I left for work so it will not be included in this one.

Items neighbor wants to keep if at all possible are the HR block items and HDTracks items.

Thank you so far and here's hoping for a fairly easy fix.... (I have never seen a computer behave like this before... quite frustrating)

# AdwCleaner v3.023 - Report created 16/04/2014 at 20:11:41
# Updated 01/04/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : viccherry - VICCHERRY-PC
# Running from : C:\Users\viccherry\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\otshot
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\Users\viccherry\AppData\Local\apn
Folder Found C:\Users\viccherry\AppData\Local\AVG Secure Search
Folder Found C:\Users\viccherry\AppData\Local\Conduit
Folder Found C:\Users\viccherry\AppData\Local\visi_coupon
Folder Found C:\Users\viccherry\AppData\LocalLow\AskToolbar
Folder Found C:\Users\viccherry\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\viccherry\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\viccherry\AppData\LocalLow\Conduit
Folder Found C:\Users\viccherry\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****

Attached File  tdsskillerlog.txt   60.87KB   226 downloads

 

 



#6 jeffce


Posted 17 April 2014 - 10:07 AM

I have downloaded and attached DDS to this reply.  Go ahead and use this copy and see if you can get it to run.  Post both the DDS.txt and Attach.txt if it is successful.  :)

 
 

#7 mickey7


Posted 17 April 2014 - 04:31 PM

Jeff,

 

Both logs were there when I got home from work. Computer was persnickety so I copied them to a flash drive and am uploading from my computer. So here they are:

First dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.51.2
Run by viccherry at 7:24:12 on 2014-04-17
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cscript.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
C:\Program Files (x86)\Common Files\Dell\apache\php.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll
BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - LocalServer32 - <no file>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRunOnce: [Uninstall C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
uRunOnce: [Uninstall C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\viccherry\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{002E2311-6495-440E-A2F9-05B194EBE752} : DHCPNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{F45EBB82-E1FA-408C-9131-9C41D02B34E6} : DHCPNameServer = 192.168.2.113 4.2.2.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\viccherry\AppData\Roaming\Mozilla\Firefox\Profiles\n5jkhikp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie9
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\viccherry\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? PerfHost;Performance Counter DLL Host
R? SkypeUpdate;Skype Updater
R? SWDUMon;SWDUMon
R? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv
R? USBAAPL64;Apple Mobile USB Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? Apache2.2;Remote Access Media Server
S? Avgfwfd;AVG network filter service
S? avgfws;AVG Firewall
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? BBUpdate;BBUpdate
S? dlea_device;dlea_device
S? dleaCATSCustConnectService;dleaCATSCustConnectService
S? DockLoginService;Dock Login Service
S? dsl-db;Remote Access DB
S? dsl-fs-sync;Remote Access File Sync Service
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit
S? PxHlpa64;PxHlpa64
S? TuneUp.UtilitiesSvc;TuneUp Utilities Service
S? uvnc_service;UltraVNC Server
S? vToolbarUpdater18.0.0;vToolbarUpdater18.0.0
S? yksvc;Marvell Yukon Service
S? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-04-17 12:23:10    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-10 00:40:18    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2014-04-09 23:30:39    90655440    ----a-w-    C:\Windows\System32\mrt.exe
2014-04-09 22:41:33    15672    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2014-04-03 13:51:12    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-03 13:51:04    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 13:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-29 16:49:55    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-29 16:49:55    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-20 18:50:52    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-03-08 04:54:09    17848832    ----a-w-    C:\Windows\System32\mshtml.dll
2014-03-08 04:06:34    10926592    ----a-w-    C:\Windows\System32\ieframe.dll
2014-03-08 03:49:45    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-08 03:41:51    1347072    ----a-w-    C:\Windows\System32\urlmon.dll
2014-03-08 03:40:14    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-08 03:39:34    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-08 03:38:58    237056    ----a-w-    C:\Windows\System32\url.dll
2014-03-08 03:37:23    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-03-08 03:34:25    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-08 03:34:18    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-03-08 03:33:45    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-08 03:32:09    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-03-08 03:32:05    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2014-03-08 03:30:20    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-03-08 03:29:50    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-08 03:24:19    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-03-07 23:51:01    12347904    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-03-07 23:20:15    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-03-07 23:12:00    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-07 23:03:31    1105408    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-03-07 23:02:19    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-07 23:02:07    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-07 23:00:41    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-03-07 22:59:00    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-03-07 22:57:17    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-07 22:57:11    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-03-07 22:56:03    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-07 22:54:48    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-03-07 22:53:26    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-03-07 22:52:24    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-03-07 22:52:04    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-07 22:47:04    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-03-04 02:51:06    50976    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-02-07 12:11:49    2776064    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-06 04:21:53    1212416    ----a-w-    C:\Windows\System32\kernel32.dll
2014-02-06 01:57:42    861696    ----a-w-    C:\Windows\SysWow64\kernel32.dll
2014-02-03 13:20:59    619008    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-03 10:37:54    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47    1111040    ----a-w-    C:\Windows\System32\wer.dll
2014-01-30 07:46:58    876032    ----a-w-    C:\Windows\SysWow64\wer.dll
.
============= FINISH: 13:18:26.23 ===============
 

NEXT THE ATTACH.TXT:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Installed Programs ======================
.
 Updater
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AtHomeConnect version 1.0.1.0
AVG 2013
AVG Security Toolbar
Banctec Service Agreement
Bing Bar
Bing Rewards Client Installer
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Remote Access
Dell Toolbar
Dell Touchpad
Dell V310-V510 Series
DELL0604
EDocs
ESET Online Scanner v3
Google Toolbar for Internet Explorer
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block Pennsylvania 2009
H&R Block Pennsylvania 2010
H&R Block Pennsylvania 2011
H&R Block Pennsylvania 2012
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iPhone Configuration Utility
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.1.1004
MediaMonkey 4.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Move Media Player
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Netflix in Windows Media Center
Netflix Movie Viewer
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PowerDVD
Quickset
QuickTime
Registry Repair 4.1.0.388
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Segoe UI
Skype™ 6.11
Spelling Dictionaries Support For Adobe Reader 9
System Checkup 3.5
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
WebSlingPlayer ActiveX
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar
.
==== End Of File ===========================
 



#8 jeffce


Posted 17 April 2014 - 07:05 PM

Thanks!!   :)
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 
 

#9 mickey7


Posted 18 April 2014 - 07:03 AM

Completely frustrated.  My neighbor is getting quite anxious for their laptop back but it is still wonky.  I have not been able to generate a combo fix log.

 

When I downloaded it to the desktop, it created a folder called desktop. I copied it out of there and placed it directly on the desktop. I disabled the avg until restart as it takes longer than the 15 min just to get any program open and started. I get as far as the combofix box up and running. Twice now it runs for a bit then when I look back after a bit to see if it is done there is just the blank desktop. I then go to the c: drive to locate the log and there is nothing remotely resembling anything to do with combo fix.

 

Where can I go from here?

 

Do you offer any laplink or remote help by any chance? lol

 

Thank you

mickey7



#10 jeffce


Posted 18 April 2014 - 08:06 AM

Sorry to hear you are having problems.
 
Let's try a different tool ok?   :)
 
FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
----------




#11 mickey7


Posted 18 April 2014 - 02:08 PM

OK, took a while. Downloaded the right one first and got nowhere, so downloaded the other one and was told it was not the right version, so rebooted and tried again and was successful with the original one. Hopefully I can make some progress this evening. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by viccherry (administrator) on VICCHERRY-PC on 18-04-2014 14:34:48
Running from C:\Users\viccherry\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
( ) C:\Windows\system32\dleacoms.exe
() C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(UltraVNC) C:\ProgramData\UltraVNC\winvnc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(UltraVNC) C:\ProgramData\UltraVNC\winvnc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(SingleClick Systems) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcmgr.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(The PHP Group) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462336 2008-12-15] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2037328 2008-08-21] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [766632 2009-07-10] ()
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [272896 2008-09-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2539544 2014-03-03] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2052367785-336265214-1452489365-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {79EBD815-735B-4501-9798-B6FB68628A71} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {B5DE1913-E399-483E-9FCA-3DDF85011525} URL =
SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...1-0023AE234BC6}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...006.10042&st=23
SearchScopes: HKCU - {3A706E37-3768-44F8-89D1-B96B6011B6EB} URL = http://search.yahoo....&fr=chr-gl-gen1
SearchScopes: HKCU - {5A11508C-7E5E-446B-929C-03197C40EE40} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5B884C15-13DB-4B51-A87E-F12B2D439BE7}&mid=58547acb9f7f4519162bd2354df15e1c-e92b75959ee62bfb6234d3af093a7ba4758ac9a1&lang=en&ds=AVG&pr=pr&d=2012-04-22 20:57:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AE71F40B-123D-49B7-8990-8AD85DD59C9E} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {B5DE1913-E399-483E-9FCA-3DDF85011525} URL = http://search.condui...7534550287&UM=2
SearchScopes: HKCU - {C18EA064-B948-4077-BD6A-AB94630083C1} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...006.10042&st=23
SearchScopes: HKCU - {F8DEEF26-329F-4DCB-B7D9-27759FB661FB} URL = http://websearch.ask...CE-900758F3A54C
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
BHO-x32: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Unit - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -  No File
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 204.186.80.251 216.144.187.101 216.144.187.199

FireFox:
========
FF ProfilePath: C:\Users\viccherry\AppData\Roaming\Mozilla\Firefox\Profiles\n5jkhikp.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?fr=fp-yie9
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\viccherry\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\viccherry\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\viccherry\AppData\Roaming\Move Networks [2009-06-18]

Chrome:
=======
CHR Extension: (Docs) - C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-25]
CHR Extension: (Google Drive) - C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-25]
CHR Extension: (YouTube) - C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-25]
CHR Extension: (Google Search) - C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25]
CHR Extension: (Gmail) - C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-03-25]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-15] (Andrea Electronics Corporation)
R2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [33448 2009-07-01] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
R2 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [602792 2009-07-01] ( )
R2 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2009-06-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-15] (IDT, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-04-05] (TuneUp Software)
R2 uvnc_service; C:\ProgramData\UltraVNC\winvnc.exe [1519168 2008-08-31] (UltraVNC)
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-03-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2014-04-09] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 14:34 - 2014-04-18 14:43 - 00021314 _____ () C:\Users\viccherry\Desktop\FRST.txt
2014-04-18 14:30 - 2014-04-18 14:34 - 00000000 ____D () C:\FRST
2014-04-18 14:07 - 2014-04-18 13:55 - 01146880 _____ (Farbar) C:\Users\viccherry\Desktop\FRST.exe
2014-04-18 13:36 - 2014-04-18 13:28 - 02158592 _____ (Farbar) C:\Users\viccherry\Desktop\FRST64.exe
2014-04-17 23:57 - 2014-04-17 23:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 23:55 - 2014-04-18 08:43 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-17 23:19 - 2014-04-17 22:44 - 05195154 ____R (Swearware) C:\Users\viccherry\Desktop\ComboFix.exe
2014-04-17 13:28 - 2014-04-17 13:27 - 00003733 _____ () C:\Users\viccherry\Desktop\attach.txt
2014-04-17 13:28 - 2014-04-17 13:19 - 00017161 _____ () C:\Users\viccherry\Desktop\dds.txt
2014-04-17 07:08 - 2014-04-17 07:10 - 00688992 ____R (Swearware) C:\Users\viccherry\Downloads\dds.com
2014-04-16 20:08 - 2014-04-17 01:58 - 00000000 ____D () C:\AdwCleaner
2014-04-16 19:15 - 2014-04-16 18:41 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\viccherry\Desktop\tdsskiller.exe
2014-04-16 19:15 - 2014-04-16 18:37 - 00756232 _____ () C:\Users\viccherry\Desktop\setup.exe
2014-04-16 19:15 - 2014-04-16 18:21 - 01426178 _____ () C:\Users\viccherry\Desktop\AdwCleaner.exe
2014-04-16 19:15 - 2014-04-16 18:11 - 00688992 _____ (Swearware) C:\Users\viccherry\Desktop\dds.scr
2014-04-16 18:39 - 2014-04-16 18:41 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\viccherry\Downloads\tdsskiller.exe
2014-04-16 18:24 - 2014-04-16 18:37 - 00756232 _____ () C:\Users\viccherry\Downloads\setup.exe
2014-04-16 18:20 - 2014-04-16 18:21 - 01426178 _____ () C:\Users\viccherry\Downloads\AdwCleaner.exe
2014-04-16 18:09 - 2014-04-16 18:11 - 00688992 _____ (Swearware) C:\Users\viccherry\Downloads\dds.scr
2014-04-14 17:00 - 2014-04-14 17:00 - 00058838 _____ () C:\Users\viccherry\Desktop\Extras.Txt
2014-04-14 16:37 - 2014-04-14 16:37 - 00236974 _____ () C:\Users\viccherry\Desktop\OTL.Txt
2014-04-13 20:53 - 2014-04-13 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\viccherry\Desktop\OTL.exe
2014-04-13 20:43 - 2014-04-13 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\viccherry\Downloads\OTL.exe
2014-04-13 14:40 - 2014-04-12 15:05 - 01402880 _____ () C:\Users\viccherry\Documents\HijackThis.msi
2014-04-12 20:22 - 2014-04-12 20:23 - 00185800 _____ (Лаборатория Касперского) C:\Users\viccherry\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-04-12 19:02 - 2014-04-13 08:38 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-04-12 18:55 - 2014-04-12 18:56 - 18663016 _____ (SUPERAntiSpyware) C:\Users\viccherry\Downloads\SUPERAntiSpyware.exe
2014-04-12 17:50 - 2014-04-12 17:50 - 00003102 _____ () C:\Windows\System32\Tasks\{0CF54E09-D954-4D5F-A786-47027446B55B}
2014-04-12 16:48 - 2014-04-12 16:51 - 02347384 _____ (ESET) C:\Users\viccherry\Downloads\esetsmartinstaller_enu(1).exe
2014-04-12 13:34 - 2014-04-12 13:36 - 00459696 _____ () C:\Users\viccherry\Downloads\smpro_dm(1).exe
2014-04-11 19:16 - 2014-04-11 19:16 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\iolo
2014-04-11 18:55 - 2014-04-11 18:55 - 00459696 _____ () C:\Users\viccherry\Downloads\smpro_dm.exe
2014-04-11 18:49 - 2014-04-11 18:49 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\GlarySoft
2014-04-11 18:35 - 2014-04-11 18:35 - 00001061 _____ () C:\Users\viccherry\Desktop\Registry Repair.lnk
2014-04-11 18:35 - 2014-04-11 18:35 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-04-11 18:34 - 2014-04-11 18:34 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-04-11 18:21 - 2014-04-11 18:22 - 02092296 _____ () C:\Users\viccherry\Downloads\rrsetup.exe
2014-04-09 22:01 - 2014-04-09 22:01 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-09 21:59 - 2014-04-09 22:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-09 21:59 - 2014-04-09 21:59 - 00000772 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-09 21:43 - 2014-04-09 21:43 - 04787368 _____ (Piriform Ltd) C:\Users\viccherry\Downloads\ccsetup412.exe
2014-04-09 21:07 - 2014-04-09 21:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 20:46 - 2014-04-09 20:46 - 00003552 _____ () C:\Windows\System32\Tasks\iolo System Checkup
2014-04-09 20:41 - 2014-04-09 20:41 - 00001012 _____ () C:\Users\viccherry\Desktop\System Checkup.lnk
2014-04-09 20:40 - 2014-04-09 20:46 - 00000000 ____D () C:\ProgramData\iolo
2014-04-09 20:40 - 2014-04-09 20:40 - 02347384 _____ (ESET) C:\Users\viccherry\Downloads\esetsmartinstaller_enu.exe
2014-04-09 20:40 - 2014-04-09 20:40 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-04-09 20:40 - 2014-04-09 20:40 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-04-09 20:30 - 2014-04-09 20:32 - 07252672 _____ () C:\Users\viccherry\Downloads\SCUDownloader.exe
2014-04-09 20:10 - 2014-04-09 20:12 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\Mozilla
2014-04-09 20:10 - 2014-04-09 20:10 - 00000000 ____D () C:\Users\viccherry\AppData\Local\Mozilla
2014-04-09 19:33 - 2014-03-08 00:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 19:33 - 2014-03-08 00:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 19:33 - 2014-03-07 23:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 19:33 - 2014-03-07 23:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 19:33 - 2014-03-07 23:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 19:33 - 2014-03-07 23:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 19:33 - 2014-03-07 23:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 19:33 - 2014-03-07 23:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 19:33 - 2014-03-07 23:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 19:33 - 2014-03-07 23:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 19:33 - 2014-03-07 23:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 19:33 - 2014-03-07 23:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 19:33 - 2014-03-07 23:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 19:33 - 2014-03-07 23:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 19:33 - 2014-03-07 23:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 19:33 - 2014-03-07 23:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 19:33 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 19:33 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 19:33 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 19:33 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 19:33 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 19:33 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 19:33 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-09 19:33 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 19:33 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 19:33 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 19:33 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 19:33 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 19:33 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 19:33 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 19:33 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-09 19:33 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 19:13 - 2014-02-06 00:21 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:13 - 2014-02-05 21:57 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-07 21:45 - 2014-04-07 21:45 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-07 21:43 - 2014-04-07 21:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-07 21:42 - 2014-04-07 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 21:35 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 20:12 - 2014-04-07 20:12 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{38B8547E-9B0A-47BA-95CA-CA6A46906379}
2014-04-07 19:53 - 2014-04-18 14:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 19:53 - 2014-04-07 19:53 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 19:53 - 2014-04-07 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:53 - 2014-04-07 19:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 19:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 19:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 19:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 18:33 - 2014-04-07 18:33 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{C35BC776-AD27-4FA7-9EAA-7EF225D9C473}
2014-04-02 18:15 - 2014-04-02 18:16 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{8266DBFC-84E6-42F6-993D-9316823ADAEF}
2014-04-01 20:40 - 2014-04-07 21:44 - 00000000 ____D () C:\Windows\pss
2014-04-01 15:05 - 2014-04-01 15:06 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{FFEC9C09-2504-44E5-A900-551BE987D180}
2014-03-31 21:04 - 2014-03-31 21:05 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{B937B2F6-BEC8-4CE3-ABB0-FDDA9A252A31}
2014-03-30 16:56 - 2014-03-30 16:57 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{4413BCE3-9B76-41E6-9367-CF0070183368}
2014-03-30 11:25 - 2014-03-30 11:25 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{75D1D2C9-5EF2-4EA1-A639-F1E9E3CB284C}
2014-03-30 09:43 - 2014-03-30 09:43 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{46937EE7-8938-43D9-8BEE-10C8061C10CF}
2014-03-30 08:48 - 2014-03-30 08:48 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-30 08:46 - 2014-03-30 08:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-29 18:25 - 2014-03-29 18:58 - 00002426 _____ () C:\Users\viccherry\Desktop\avgrep.txt
2014-03-29 17:47 - 2014-03-30 16:28 - 00000732 _____ () C:\Users\viccherry\AppData\Local\d3d9caps64.dat
2014-03-29 16:55 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-29 16:55 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-29 16:55 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-29 16:55 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-29 16:29 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-29 16:29 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-29 13:59 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-29 12:08 - 2014-03-29 12:09 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{CBEEC01E-86CD-45D6-93B6-FFA3F97DA19E}
2014-03-29 06:20 - 2014-03-29 06:21 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{5F6F5A9B-C0CC-4405-83C2-40F51FD25BA2}
2014-03-28 18:48 - 2014-03-28 18:49 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{67ACA017-089F-45FF-9C62-919B907287FC}
2014-03-24 22:36 - 2014-03-24 22:38 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{3F3E0AD0-84F0-4CDA-AB62-0B1D0CA2D6A4}
2014-03-20 14:50 - 2014-03-20 14:50 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys

==================== One Month Modified Files and Folders =======

2014-04-18 14:45 - 2012-04-11 12:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 14:43 - 2014-04-18 14:34 - 00021314 _____ () C:\Users\viccherry\Desktop\FRST.txt
2014-04-18 14:34 - 2014-04-18 14:30 - 00000000 ____D () C:\FRST
2014-04-18 14:34 - 2009-03-14 17:05 - 01497202 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 14:26 - 2014-04-07 19:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 14:26 - 2010-04-18 19:40 - 00061841 _____ () C:\ProgramData\dleascan.log
2014-04-18 14:23 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 14:23 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 14:23 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 14:16 - 2011-06-02 22:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 13:55 - 2014-04-18 14:07 - 01146880 _____ (Farbar) C:\Users\viccherry\Desktop\FRST.exe
2014-04-18 13:28 - 2014-04-18 13:36 - 02158592 _____ (Farbar) C:\Users\viccherry\Desktop\FRST64.exe
2014-04-18 08:43 - 2014-04-17 23:55 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-17 23:57 - 2014-04-17 23:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 22:44 - 2014-04-17 23:19 - 05195154 ____R (Swearware) C:\Users\viccherry\Desktop\ComboFix.exe
2014-04-17 21:57 - 2011-04-01 17:22 - 00003718 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB924AE4-107A-4DEC-84F2-F5ED4A48B2CF}
2014-04-17 13:27 - 2014-04-17 13:28 - 00003733 _____ () C:\Users\viccherry\Desktop\attach.txt
2014-04-17 13:19 - 2014-04-17 13:28 - 00017161 _____ () C:\Users\viccherry\Desktop\dds.txt
2014-04-17 07:10 - 2014-04-17 07:08 - 00688992 ____R (Swearware) C:\Users\viccherry\Downloads\dds.com
2014-04-17 01:58 - 2014-04-16 20:08 - 00000000 ____D () C:\AdwCleaner
2014-04-16 18:41 - 2014-04-16 19:15 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\viccherry\Desktop\tdsskiller.exe
2014-04-16 18:41 - 2014-04-16 18:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\viccherry\Downloads\tdsskiller.exe
2014-04-16 18:37 - 2014-04-16 19:15 - 00756232 _____ () C:\Users\viccherry\Desktop\setup.exe
2014-04-16 18:37 - 2014-04-16 18:24 - 00756232 _____ () C:\Users\viccherry\Downloads\setup.exe
2014-04-16 18:21 - 2014-04-16 19:15 - 01426178 _____ () C:\Users\viccherry\Desktop\AdwCleaner.exe
2014-04-16 18:21 - 2014-04-16 18:20 - 01426178 _____ () C:\Users\viccherry\Downloads\AdwCleaner.exe
2014-04-16 18:11 - 2014-04-16 19:15 - 00688992 _____ (Swearware) C:\Users\viccherry\Desktop\dds.scr
2014-04-16 18:11 - 2014-04-16 18:09 - 00688992 _____ (Swearware) C:\Users\viccherry\Downloads\dds.scr
2014-04-14 17:00 - 2014-04-14 17:00 - 00058838 _____ () C:\Users\viccherry\Desktop\Extras.Txt
2014-04-14 16:37 - 2014-04-14 16:37 - 00236974 _____ () C:\Users\viccherry\Desktop\OTL.Txt
2014-04-13 20:44 - 2014-04-13 20:53 - 00602112 _____ (OldTimer Tools) C:\Users\viccherry\Desktop\OTL.exe
2014-04-13 20:44 - 2014-04-13 20:43 - 00602112 _____ (OldTimer Tools) C:\Users\viccherry\Downloads\OTL.exe
2014-04-13 12:52 - 2006-11-02 11:42 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-13 08:38 - 2014-04-12 19:02 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-04-12 20:23 - 2014-04-12 20:22 - 00185800 _____ (Лаборатория Касперского) C:\Users\viccherry\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-04-12 18:56 - 2014-04-12 18:55 - 18663016 _____ (SUPERAntiSpyware) C:\Users\viccherry\Downloads\SUPERAntiSpyware.exe
2014-04-12 17:50 - 2014-04-12 17:50 - 00003102 _____ () C:\Windows\System32\Tasks\{0CF54E09-D954-4D5F-A786-47027446B55B}
2014-04-12 16:51 - 2014-04-12 16:48 - 02347384 _____ (ESET) C:\Users\viccherry\Downloads\esetsmartinstaller_enu(1).exe
2014-04-12 15:05 - 2014-04-13 14:40 - 01402880 _____ () C:\Users\viccherry\Documents\HijackThis.msi
2014-04-12 13:36 - 2014-04-12 13:34 - 00459696 _____ () C:\Users\viccherry\Downloads\smpro_dm(1).exe
2014-04-11 19:16 - 2014-04-11 19:16 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\iolo
2014-04-11 18:55 - 2014-04-11 18:55 - 00459696 _____ () C:\Users\viccherry\Downloads\smpro_dm.exe
2014-04-11 18:49 - 2014-04-11 18:49 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\GlarySoft
2014-04-11 18:35 - 2014-04-11 18:35 - 00001061 _____ () C:\Users\viccherry\Desktop\Registry Repair.lnk
2014-04-11 18:35 - 2014-04-11 18:35 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-04-11 18:34 - 2014-04-11 18:34 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-04-11 18:22 - 2014-04-11 18:21 - 02092296 _____ () C:\Users\viccherry\Downloads\rrsetup.exe
2014-04-10 08:20 - 2009-04-05 16:39 - 00000000 ____D () C:\Users\viccherry\Tracing
2014-04-10 08:19 - 2008-02-04 22:23 - 00000000 ____D () C:\Windows\Panther
2014-04-09 22:01 - 2014-04-09 22:01 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-09 22:00 - 2014-04-09 21:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-09 21:59 - 2014-04-09 21:59 - 00000772 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-09 21:43 - 2014-04-09 21:43 - 04787368 _____ (Piriform Ltd) C:\Users\viccherry\Downloads\ccsetup412.exe
2014-04-09 21:07 - 2014-04-09 21:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-09 20:46 - 2014-04-09 20:46 - 00003552 _____ () C:\Windows\System32\Tasks\iolo System Checkup
2014-04-09 20:46 - 2014-04-09 20:40 - 00000000 ____D () C:\ProgramData\iolo
2014-04-09 20:41 - 2014-04-09 20:41 - 00001012 _____ () C:\Users\viccherry\Desktop\System Checkup.lnk
2014-04-09 20:40 - 2014-04-09 20:40 - 02347384 _____ (ESET) C:\Users\viccherry\Downloads\esetsmartinstaller_enu.exe
2014-04-09 20:40 - 2014-04-09 20:40 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-04-09 20:40 - 2014-04-09 20:40 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-04-09 20:32 - 2014-04-09 20:30 - 07252672 _____ () C:\Users\viccherry\Downloads\SCUDownloader.exe
2014-04-09 20:12 - 2014-04-09 20:10 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\Mozilla
2014-04-09 20:10 - 2014-04-09 20:10 - 00000000 ____D () C:\Users\viccherry\AppData\Local\Mozilla
2014-04-09 19:32 - 2013-08-16 15:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 19:30 - 2006-11-02 08:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-09 18:51 - 2013-06-06 20:38 - 00000290 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-04-09 18:51 - 2013-02-01 21:49 - 00003759 _____ () C:\Windows\SysWOW64\userawacs.cfg
2014-04-09 18:50 - 2013-01-21 22:38 - 00000830 _____ () C:\Users\Public\Desktop\AVG 2013.lnk
2014-04-09 18:44 - 2012-06-28 21:26 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-04-09 18:41 - 2012-06-28 21:26 - 00015672 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-04-07 21:45 - 2014-04-07 21:45 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-07 21:44 - 2014-04-07 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 21:44 - 2014-04-01 20:40 - 00000000 ____D () C:\Windows\pss
2014-04-07 21:44 - 2009-03-25 15:47 - 00000000 ___RD () C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-07 21:43 - 2014-04-07 21:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-07 21:35 - 2014-04-07 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-07 20:36 - 2013-01-06 18:25 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\Skype
2014-04-07 20:12 - 2014-04-07 20:12 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{38B8547E-9B0A-47BA-95CA-CA6A46906379}
2014-04-07 19:53 - 2014-04-07 19:53 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 19:53 - 2014-04-07 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 19:53 - 2014-04-07 19:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 19:07 - 2006-11-02 08:46 - 00777776 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 18:33 - 2014-04-07 18:33 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{C35BC776-AD27-4FA7-9EAA-7EF225D9C473}
2014-04-03 09:51 - 2014-04-07 19:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 19:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 19:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:07 - 2014-03-03 22:52 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-02 18:16 - 2014-04-02 18:15 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{8266DBFC-84E6-42F6-993D-9316823ADAEF}
2014-04-01 15:06 - 2014-04-01 15:05 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{FFEC9C09-2504-44E5-A900-551BE987D180}
2014-03-31 21:05 - 2014-03-31 21:04 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{B937B2F6-BEC8-4CE3-ABB0-FDDA9A252A31}
2014-03-30 21:17 - 2014-02-07 17:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-30 16:57 - 2014-03-30 16:56 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{4413BCE3-9B76-41E6-9367-CF0070183368}
2014-03-30 16:28 - 2014-03-29 17:47 - 00000732 _____ () C:\Users\viccherry\AppData\Local\d3d9caps64.dat
2014-03-30 11:54 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-30 11:35 - 2013-02-22 17:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-30 11:25 - 2014-03-30 11:25 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{75D1D2C9-5EF2-4EA1-A639-F1E9E3CB284C}
2014-03-30 10:53 - 2009-07-20 18:51 - 00002317 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-03-30 10:53 - 2009-04-26 19:34 - 00006756 _____ () C:\Users\viccherry\AppData\Local\d3d9caps.dat
2014-03-30 10:49 - 2013-04-11 19:52 - 00000000 ____D () C:\Users\viccherry\AppData\Local\Deployment
2014-03-30 10:47 - 2013-02-22 17:52 - 00000000 ____D () C:\Users\viccherry\AppData\Local\Google
2014-03-30 09:43 - 2014-03-30 09:43 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{46937EE7-8938-43D9-8BEE-10C8061C10CF}
2014-03-30 09:37 - 2006-11-02 11:21 - 00283016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 09:35 - 2009-03-14 22:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-30 08:52 - 2013-01-06 18:25 - 00000000 ____D () C:\ProgramData\Skype
2014-03-30 08:48 - 2014-03-30 08:48 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-30 08:47 - 2014-03-30 08:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-29 18:58 - 2014-03-29 18:25 - 00002426 _____ () C:\Users\viccherry\Desktop\avgrep.txt
2014-03-29 18:47 - 2013-08-27 05:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-29 18:25 - 2013-01-21 22:26 - 00000000 ____D () C:\Users\viccherry\AppData\Local\Avg2013
2014-03-29 12:51 - 2012-04-11 12:47 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-29 12:49 - 2012-04-11 12:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-29 12:49 - 2011-06-29 18:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 12:22 - 2014-01-02 18:36 - 00000000 ___RD () C:\Users\viccherry\SkyDrive
2014-03-29 12:09 - 2014-03-29 12:08 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{CBEEC01E-86CD-45D6-93B6-FFA3F97DA19E}
2014-03-29 10:51 - 2006-11-02 08:33 - 69992448 _____ () C:\Windows\system32\config\software_previous
2014-03-29 10:51 - 2006-11-02 08:33 - 62914560 _____ () C:\Windows\system32\config\components_previous
2014-03-29 10:51 - 2006-11-02 08:33 - 17039360 _____ () C:\Windows\system32\config\system_previous
2014-03-29 10:51 - 2006-11-02 08:33 - 00245760 _____ () C:\Windows\system32\config\default_previous
2014-03-29 10:51 - 2006-11-02 08:33 - 00057344 _____ () C:\Windows\system32\config\sam_previous
2014-03-29 10:51 - 2006-11-02 08:33 - 00028672 _____ () C:\Windows\system32\config\security_previous
2014-03-29 10:50 - 2009-12-15 17:13 - 00000000 ____D () C:\Users\RA Media Server
2014-03-29 10:50 - 2009-03-25 15:47 - 00000000 ____D () C:\Users\viccherry
2014-03-29 10:49 - 2013-06-25 20:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 10:49 - 2012-04-23 20:26 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-03-29 10:49 - 2011-12-08 06:17 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-29 10:49 - 2011-11-23 22:51 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\MediaMonkey
2014-03-29 10:49 - 2011-04-01 17:11 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-03-29 10:49 - 2010-04-18 20:01 - 00000000 ____D () C:\ProgramData\Dl_cats
2014-03-29 10:49 - 2010-02-23 12:09 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\pdf995
2014-03-29 10:49 - 2010-02-23 12:01 - 00000000 ____D () C:\ProgramData\pdf995
2014-03-29 10:49 - 2009-06-18 17:31 - 00000000 ____D () C:\Users\viccherry\AppData\Roaming\Move Networks
2014-03-29 10:49 - 2009-03-25 15:50 - 00000000 ____D () C:\Users\viccherry\AppData\Local\PowerDVD DX
2014-03-29 10:49 - 2009-03-25 15:49 - 00000000 ___RD () C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-29 10:49 - 2009-03-25 15:47 - 00000000 ___RD () C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-29 10:49 - 2009-03-25 15:47 - 00000000 ___RD () C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-29 10:49 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-03-29 10:49 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-29 10:49 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media
2014-03-29 10:49 - 2006-11-02 09:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-29 10:47 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-03-29 06:21 - 2014-03-29 06:20 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{5F6F5A9B-C0CC-4405-83C2-40F51FD25BA2}
2014-03-28 18:49 - 2014-03-28 18:48 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{67ACA017-089F-45FF-9C62-919B907287FC}
2014-03-25 08:45 - 2012-06-11 21:31 - 00000000 ____D () C:\Users\viccherry\AppData\Local\AVG Secure Search
2014-03-24 22:38 - 2014-03-24 22:36 - 00000000 ____D () C:\Users\viccherry\AppData\Local\{3F3E0AD0-84F0-4CDA-AB62-0B1D0CA2D6A4}
2014-03-20 14:50 - 2014-03-20 14:50 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys

Some content of TEMP:
====================
C:\Users\viccherry\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-18 14:31

==================== End Of Log ============================

 

Here is the other one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by viccherry at 2014-04-18 15:01:00
Running from C:\Users\viccherry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

 Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AtHomeConnect version 1.0.1.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.0.1.0 - HRBlock)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3466 - AVG Technologies)
AVG 2013 (Version: 13.0.3466 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.0.248 - AVG Technologies)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.115.201 - Alps Electric)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2009 (HKLM-x32\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2010 (HKLM-x32\...\{10964A8F-21C1-45EA-BC2D-F84B505C3848}) (Version: 10.04.6301 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.6203 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Pennsylvania 2009 (HKLM-x32\...\{51FC5315-20D4-4B6D-89B4-8776DC5A12CA}) (Version: 1.09.3601 - HRB Technology, LLC.)
H&R Block Pennsylvania 2010 (HKLM-x32\...\{8F6E3FF9-51FB-4C97-B277-5505D91F675C}) (Version: 1.10.3001 - HRB Technology, LLC.)
H&R Block Pennsylvania 2011 (HKLM-x32\...\{5B9D627D-4100-403C-961B-6C67B63DA224}) (Version: 1.11.5201 - HRB Technology, LLC.)
H&R Block Pennsylvania 2012 (HKLM-x32\...\{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}) (Version: 1.12.3501 - HRB Technology, LLC.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft UI Engine (x32 Version: 6.3.2380.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Netflix in Windows Media Center (HKLM-x32\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation)
Netflix Movie Viewer (HKLM-x32\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Registry Repair 4.1.0.388 (HKLM-x32\...\Registry Repair) (Version: 4.1.0.388 - Glarysoft Ltd)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.23 - iolo technologies, LLC)
TuneUp Utilities 2012 (x32 Version: 12.0.3500.14 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3500.14 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebSlingPlayer ActiveX (HKLM-x32\...\{13BBBB38-22D8-4BF1-80CA-7D54152C2980}) (Version: 1.5.2125 - Sling Media)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0C038E62-55E0-4F72-806C-02C53698E1E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29] (Adobe Systems Incorporated)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {194BDA24-FC03-4C8C-999C-A43582A7F117} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1D3232D1-B948-4774-B5D4-57469CDD5187} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-04-09] ()
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2F7552CC-7585-43BB-AAF1-0AAF5DC88ECE} - System32\Tasks\Microsoft\Windows\PLA\System\{361F8554-EE08-449F-80D6-A60B570D895D}_System Diagnostics => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {33F64697-5919-4B54-B508-1BC938CA6035} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe
Task: {4D60431D-1F1D-4776-AC95-DD2688519B31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {6835F12C-6627-4527-9491-F3C29482A19A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {BFF65318-8BAA-410D-A792-B56B72ACDAB3} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On viccherry Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-04-18 19:37 - 2009-04-17 06:53 - 00053760 _____ () C:\Windows\System32\DLEAPMON.DLL
2010-04-18 19:36 - 2009-01-13 09:15 - 05709824 _____ () C:\Windows\System32\DLEAOEM.DLL
2010-02-23 12:01 - 2006-10-19 22:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2010-04-18 19:45 - 2009-06-19 05:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2010-04-18 19:40 - 2009-07-01 09:13 - 00033448 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2009-06-10 23:23 - 2009-06-10 23:23 - 05730304 _____ () C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
2014-03-03 22:52 - 2014-03-03 22:51 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
2010-04-18 19:35 - 2009-07-10 10:06 - 00766632 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2011-12-08 06:17 - 2014-03-03 22:51 - 02539544 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-03 22:52 - 2014-03-03 22:51 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
2010-04-18 19:32 - 2009-05-26 16:17 - 00086118 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2010-04-18 19:35 - 2009-05-29 10:08 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2010-04-18 19:34 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2010-04-18 19:35 - 2009-05-29 10:09 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2010-04-18 19:35 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2010-04-18 19:35 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2010-04-18 19:31 - 2009-02-20 04:50 - 00381440 _____ () C:\Windows\system32\dleasm.dll
2010-04-18 19:31 - 2009-02-20 04:50 - 00028672 _____ () C:\Windows\system32\dleasmr.dll
2008-01-18 00:17 - 2008-01-18 00:17 - 00073782 _____ () C:\Program Files (x86)\Common Files\Dell\apache\bin\zlib1.dll
2009-06-06 09:24 - 2009-06-06 09:24 - 00450560 _____ () C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
2009-06-01 11:37 - 2009-06-01 11:37 - 02076672 _____ () C:\Program Files (x86)\Common Files\Dell\apache\LIBMYSQL.dll
2009-06-10 23:32 - 2009-06-10 23:32 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\LIBMYSQL.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AtHomeConnect.lnk => C:\Windows\pss\AtHomeConnect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^viccherry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell V310-V510 Series => "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OtShot => "C:\Program Files (x86)\OtShot\otshot.exe" -minimize
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 02:58:37 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (04/18/2014 02:24:38 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/18/2014 02:24:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 02:24:15 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/18/2014 01:24:34 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (04/18/2014 00:12:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 00:11:09 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/18/2014 00:11:07 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/18/2014 08:58:44 AM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/18/2014 08:58:37 AM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.


System errors:
=============
Error: (04/18/2014 03:28:19 PM) (Source: DCOM) (User: )
Description: {F25AF245-4A81-40DC-92F9-E9021F207706}

Error: (04/18/2014 02:45:27 PM) (Source: Service Control Manager) (User: )
Description: Adobe Flash Player Update Service%%1053

Error: (04/18/2014 02:45:27 PM) (Source: Service Control Manager) (User: )
Description: 30000Adobe Flash Player Update Service

Error: (04/18/2014 02:42:00 PM) (Source: DCOM) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (04/18/2014 02:41:47 PM) (Source: DCOM) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (04/18/2014 02:37:21 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/18/2014 02:27:27 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (04/18/2014 02:27:10 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/18/2014 02:24:45 PM) (Source: Service Control Manager) (User: )
Description: TuneUpUtilitiesDrv%%2

Error: (04/18/2014 02:24:29 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058


Microsoft Office Sessions:
=========================
Error: (04/18/2014 02:58:37 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (04/18/2014 02:24:38 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/18/2014 02:24:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 02:24:15 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/18/2014 01:24:34 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (04/18/2014 00:12:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 00:11:09 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/18/2014 00:11:07 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/18/2014 08:58:44 AM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/18/2014 08:58:37 AM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.


CodeIntegrity Errors:
===================================
  Date: 2014-04-18 14:53:36.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:34.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:33.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:30.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:28.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:26.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:25.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:53:24.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:38:10.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-18 14:38:10.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 4057.45 MB
Available physical RAM: 2037.5 MB
Total Pagefile: 8290.17 MB
Available Pagefile: 5894.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:104.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: B5749D56)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 jeffce


Posted 18 April 2014 - 02:41 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the Desktop as fixlist.txt
 
SearchScopes: HKLM - {79EBD815-735B-4501-9798-B6FB68628A71} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {B5DE1913-E399-483E-9FCA-3DDF85011525} URL =
SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...1-0023AE234BC6}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...006.10042&st=23
SearchScopes: HKCU - {3A706E37-3768-44F8-89D1-B96B6011B6EB} URL = http://search.yahoo....&fr=chr-gl-gen1
SearchScopes: HKCU - {5A11508C-7E5E-446B-929C-03197C40EE40} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {AE71F40B-123D-49B7-8990-8AD85DD59C9E} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {B5DE1913-E399-483E-9FCA-3DDF85011525} URL = http://search.condui...7534550287&UM=2
SearchScopes: HKCU - {C18EA064-B948-4077-BD6A-AB94630083C1} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...006.10042&st=23
SearchScopes: HKCU - {F8DEEF26-329F-4DCB-B7D9-27759FB661FB} URL = http://websearch.ask...CE-900758F3A54C
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Unit - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\viccherry\AppData\Local\Temp\Quarantine.exe
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.
----------
 
Post the new log and let me know how your system is running now.  :)


#13 mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 18 April 2014 - 04:56 PM

Fix ran fast but it took forever to open the program to run it. It has taken me about an hour to try to get it uploaded to you so I am copying the file to a flash drive and uploading again via my computer. It is still PAINFULLY slow to open anything.  When it gets like this I have to hard reset it to release it and then try to open only one thing at a time. It has taken about 20 min just to get to the point to copy the file to the flash drive. I am at a loss as to what could be doing this. It must be something deep rooted. UGH!!  lol

 

Never mind the above about the log... I had to reboot after the system locked and now I can't find it. What can I do now?

 

Sorry



#14 mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 18 April 2014 - 07:33 PM

UGH I am such an idiot. I was looking in the wrong spot for the log and mistook the log for the fixlist.txt.  Sorry for the delay in getting it to you. Just as I figured out my mistake I had to leave for a meeting. BTW the above about the system handling still holds true. Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by viccherry at 2014-04-18 18:15:19 Run:1
Running from C:\Users\viccherry\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {79EBD815-735B-4501-9798-B6FB68628A71} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {B5DE1913-E399-483E-9FCA-3DDF85011525} URL =
SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...1-0023AE234BC6}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...006.10042&st=23
SearchScopes: HKCU - {3A706E37-3768-44F8-89D1-B96B6011B6EB} URL = http://search.yahoo....&fr=chr-gl-gen1
SearchScopes: HKCU - {5A11508C-7E5E-446B-929C-03197C40EE40} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {AE71F40B-123D-49B7-8990-8AD85DD59C9E} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {B5DE1913-E399-483E-9FCA-3DDF85011525} URL = http://search.condui...7534550287&UM=2
SearchScopes: HKCU - {C18EA064-B948-4077-BD6A-AB94630083C1} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...006.10042&st=23
SearchScopes: HKCU - {F8DEEF26-329F-4DCB-B7D9-27759FB661FB} URL = http://websearch.ask...CE-900758F3A54C
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Unit - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\viccherry\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79EBD815-735B-4501-9798-B6FB68628A71} => Key deleted successfully.
HKCR\CLSID\{79EBD815-735B-4501-9798-B6FB68628A71} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A706E37-3768-44F8-89D1-B96B6011B6EB} => Key deleted successfully.
HKCR\CLSID\{3A706E37-3768-44F8-89D1-B96B6011B6EB} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A11508C-7E5E-446B-929C-03197C40EE40} => Key deleted successfully.
HKCR\CLSID\{5A11508C-7E5E-446B-929C-03197C40EE40} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE71F40B-123D-49B7-8990-8AD85DD59C9E} => Key deleted successfully.
HKCR\CLSID\{AE71F40B-123D-49B7-8990-8AD85DD59C9E} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5DE1913-E399-483E-9FCA-3DDF85011525} => Key deleted successfully.
HKCR\CLSID\{B5DE1913-E399-483E-9FCA-3DDF85011525} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C18EA064-B948-4077-BD6A-AB94630083C1} => Key deleted successfully.
HKCR\CLSID\{C18EA064-B948-4077-BD6A-AB94630083C1} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8DEEF26-329F-4DCB-B7D9-27759FB661FB} => Key deleted successfully.
HKCR\CLSID\{F8DEEF26-329F-4DCB-B7D9-27759FB661FB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
C:\Users\viccherry\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
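
A Fixlog like the one above is easier to trust once each fixlist line has been paired with a success result in the matching hive and registry view (64-bit or Wow6432Node). The following is an added example, not part of the original posts and not FRST code: the matching rules are assumptions inferred from the log lines shown in this thread, and the sample log is constructed with placeholder CLSIDs and paths.

```python
import re

CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DIRECTIVE = re.compile(
    r"^(?:SearchScopes|BHO|Toolbar|Handler)(-x32)?: (?:(HKLM|HKCU)(-x32)? - )?(.*)$")

def parse_directive(line):
    """Return (hive, x32, token) that a matching Fixlog result line must carry."""
    m = DIRECTIVE.match(line)
    if not m:                                  # plain path entry (file to move)
        return None, False, line
    x32_kind, hive, x32_hive, rest = m.groups()
    clsid = CLSID.search(rest)
    token = "DefaultScope" if rest.startswith("DefaultScope") else (
        clsid.group(0) if clsid else rest)
    return hive, bool(x32_kind or x32_hive), token

def audit_fixlog(text):
    """Return (directives with no successful result, result lines reporting failure)."""
    parts = re.split(r"^\*{5,}\s*$", text, flags=re.M)   # fixlist sits between star rows
    if len(parts) < 3:
        raise ValueError("fixlist section not found")
    directives = [l.strip() for l in parts[1].splitlines() if l.strip()]
    results = [l.strip().rsplit(" => ", 1) for l in parts[2].splitlines() if " => " in l]
    failed = [f"{t} => {o}" for t, o in results if not o.endswith("successfully.")]
    unmatched = []
    for d in directives:
        hive, x32, token = parse_directive(d)
        ok = any(token.upper() in t.upper()
                 and ("WOW6432NODE" in t.upper()) == x32      # same registry view
                 and (hive is None or t.upper().startswith(hive + "\\"))
                 and o.endswith("successfully.")
                 for t, o in results)
        if not ok:
            unmatched.append(d)
    return unmatched, failed

# Constructed sample in the layout of the Fixlog above (placeholder CLSIDs and paths).
SAMPLE = r"""Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope {11111111-1111-1111-1111-111111111111} URL =
BHO-x32: Example - {22222222-2222-2222-2222-222222222222} -  No File
C:\Users\example\AppData\Local\Temp\sample.exe
*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222} => Key deleted successfully.
C:\Users\example\AppData\Local\Temp\sample.exe => Could not move.
==== End of Fixlog ===="""
UNMATCHED, FAILED = audit_fixlog(SAMPLE)
```

In the constructed sample the BHO-x32 directive is reported as unmatched because its only result line is in the 64-bit view, and the file entry is reported both as unmatched and as a failed result.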



#15 jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 19 April 2014 - 08:52 AM

Ok... let's get a new look, shall we, and maybe some light will be shed on this problem.

 

Please run a new scan with OTL and post the new OTL.txt.

