Jump to content

Help to clear infections please

suzie44

By suzie44
in Resolved Malware Removal Logs

 Share

Recommended Posts

suzie44

suzie44

Posted
Posted

Hello

My daughter is having problems with her computer AVG, Hitman Pro and Malwarebytes found some stuff.

AVG found 30 called Inline hook in win32.sys and 1 MalSign.Generic.834 in C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe";"Secured"

Hitman Pro found 7 all in AppData\Local\SearchProtect\ (SearchProtect)

Malwarebytes found 18 pup and 1 Adware.Gdown

Something called Conduit Search kept taking over chrome so I uninstalled chrome IE seems to be ok.

As instructed I have run Farbar Recovery and pasted the results.

Thank you for any help you can give.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FIRST
~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by Lou (administrator) on LOU-PC on 20-04-2014 16:07:57
Running from C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [start_BusinessEverywhere_{8309b0e1-1f81-4131-9b07-46a47608a547}] => C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe [5148128 2012-03-15] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [start_SMSNotifier_{8309b0e1-1f81-4131-9b07-46a47608a547}] => C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe [1592272 2012-03-15] ()
HKLM-x32\...\Run: [start_Update_{8309b0e1-1f81-4131-9b07-46a47608a547}] => C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\UpdteApp.exe [952264 2012-03-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1598726057-290923624-3963467467-1001\...\MountPoints2: {3f5954ed-64d7-11e3-b451-00123f9960e3} - F:\AutoRun.exe
HKU\S-1-5-21-1598726057-290923624-3963467467-1001\...\MountPoints2: {5da70eff-846a-11e3-8ad7-806e6f6e6963} - F:\Setup.exe
Startup: C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x086235873C7FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\9ar58yph.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\9ar58yph.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-07-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 BEWConfigSrv; C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe [167376 2012-03-15] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 orange_zte_cdc_acm; C:\Windows\System32\DRIVERS\orange_zte_cdc_acm.sys [77824 2012-03-15] (ZTE)
S3 orange_zte_cpo; C:\Windows\System32\DRIVERS\orange_zte_cpo.sys [14336 2012-03-15] (ZTE)
S3 cpuz134; \??\C:\Users\Lou\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 16:07 - 2014-04-20 16:07 - 00000000 ____D () C:\FRST
2014-04-20 16:06 - 2014-04-20 16:07 - 00000000 ____D () C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
2014-04-19 21:10 - 2014-04-19 21:10 - 00000000 _____ () C:\Users\Lou\mkdir
2014-04-19 16:12 - 2014-04-19 16:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-04-19 16:07 - 2014-04-19 16:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 15:10 - 2014-04-19 15:10 - 00001413 _____ () C:\Users\Lou\Desktop\Internet Explorer.lnk
2014-04-19 14:08 - 2014-04-19 15:04 - 00000000 ____D () C:\Windows\pss
2014-04-19 11:09 - 2014-04-20 15:40 - 00000392 _____ () C:\Windows\setupact.log
2014-04-19 11:09 - 2014-04-19 20:31 - 00001784 _____ () C:\Windows\PFRO.log
2014-04-19 11:09 - 2014-04-19 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 11:01 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-19 11:01 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-17 19:25 - 2014-04-17 19:32 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\vlc
2014-04-17 18:30 - 2014-04-17 18:30 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\Oracle
2014-04-17 18:24 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 18:24 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 18:24 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 18:24 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 18:23 - 2014-04-17 18:24 - 00005399 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 17:43 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-17 17:43 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-17 17:43 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-04-17 17:43 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-17 17:36 - 2014-04-19 12:25 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-17 17:31 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-17 17:31 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-17 17:31 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-17 17:31 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-17 17:31 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-17 17:31 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-17 17:31 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-17 17:31 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-17 17:31 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-17 17:31 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-17 17:31 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-17 17:31 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-17 17:31 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-17 17:31 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-17 17:31 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-17 17:31 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-17 17:28 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-17 17:28 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-17 17:27 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-17 17:27 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-17 17:27 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-17 17:27 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-17 17:27 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-17 17:27 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-17 17:27 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-17 17:27 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-17 17:27 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-17 17:27 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-17 17:27 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-17 17:27 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-17 17:27 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-17 17:27 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-17 17:27 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-17 17:27 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-17 17:27 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-17 17:27 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-17 17:27 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-17 17:27 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-17 17:27 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-17 17:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-17 17:27 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-17 17:27 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-17 17:27 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-17 17:27 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-17 17:27 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-17 17:27 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-17 17:27 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-04-17 17:27 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-04-17 17:27 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-04-17 17:27 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-17 17:27 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-17 17:27 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-17 17:27 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-17 17:27 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-04-17 17:27 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-04-17 17:27 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-17 17:25 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-17 17:25 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-17 17:24 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-17 17:24 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-17 17:24 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-17 17:24 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-17 17:24 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-17 17:24 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-17 17:24 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-17 16:44 - 2014-04-17 17:02 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-04-17 16:44 - 2014-04-17 17:02 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-17 16:39 - 2014-04-17 16:39 - 00000000 __SHD () C:\Users\Lou\AppData\Local\EmieUserList
2014-04-17 16:39 - 2014-04-17 16:39 - 00000000 __SHD () C:\Users\Lou\AppData\Local\EmieSiteList
2014-04-17 16:24 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-17 16:24 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-17 16:24 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-17 16:24 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-17 16:23 - 2014-03-06 11:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-17 16:23 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-17 16:23 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-17 16:23 - 2014-03-06 10:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-17 16:23 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-17 16:23 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-17 16:23 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-17 16:23 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-17 16:23 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-17 16:23 - 2014-03-06 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-17 16:23 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-17 16:23 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-17 16:23 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-17 16:23 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-17 16:23 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-17 16:23 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-17 16:23 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-17 16:23 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-17 16:23 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-17 16:23 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-17 16:23 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-17 16:23 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-17 16:23 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-17 16:23 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-17 16:23 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-17 16:23 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-17 16:23 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-17 16:23 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-17 16:23 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-17 16:23 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-17 16:23 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-17 16:23 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-17 16:23 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-17 16:23 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-17 16:23 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-17 16:23 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-17 16:23 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-17 16:23 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-17 16:23 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-17 16:23 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-17 16:23 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-17 16:23 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-17 16:23 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-17 16:23 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-17 16:14 - 2014-04-19 17:33 - 00000000 ____D () C:\AdwCleaner
2014-04-17 16:10 - 2014-04-19 18:08 - 00000000 ____D () C:\Users\Lou\Downloads\Malware and Spyware
2014-04-17 15:37 - 2014-04-17 18:21 - 00000000 ____D () C:\Users\Lou\Downloads\Java
2014-04-17 15:34 - 2014-04-19 15:15 - 00000000 ____D () C:\Users\Lou\Downloads\AVG
2014-04-17 15:12 - 2014-04-17 15:12 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\TuneUp Software
2014-04-17 15:12 - 2014-04-17 15:12 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\AVG2014
2014-04-17 15:11 - 2014-04-19 16:10 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-17 15:07 - 2014-04-20 15:47 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-17 15:07 - 2014-04-19 16:00 - 00000000 ____D () C:\Users\Lou\AppData\Local\Avg2014
2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Users\Lou\AppData\Local\MFAData
2014-04-17 14:58 - 2014-04-17 14:58 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-17 14:42 - 2014-04-17 14:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-17 14:16 - 2014-04-17 14:16 - 00000000 ____D () C:\ProgramData\ESET
2014-04-17 12:55 - 2014-04-17 12:55 - 00000000 ____D () C:\Windows\ERUNT
2014-04-11 09:55 - 2014-04-17 18:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-11 09:21 - 2014-04-11 09:21 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll
2014-04-11 09:21 - 2014-04-11 09:21 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2014-04-11 08:56 - 2014-04-11 08:56 - 00000000 ____D () C:\ProgramData\CDB
2014-04-11 08:55 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-11 08:55 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-11 08:55 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-11 08:52 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 08:52 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 08:52 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 08:52 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 08:52 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 08:52 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 08:52 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 08:52 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 08:52 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-11 08:52 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-11 08:51 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 08:51 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 08:51 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 08:50 - 2014-04-11 09:46 - 00000163 _____ () C:\Windows\Reimage.ini
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-04-20 16:09 - 2013-07-12 09:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 16:07 - 2014-04-20 16:07 - 00000000 ____D () C:\FRST
2014-04-20 16:07 - 2014-04-20 16:06 - 00000000 ____D () C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
2014-04-20 15:49 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 15:49 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 15:47 - 2014-04-17 15:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-20 15:46 - 2013-07-11 12:02 - 01836401 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 15:46 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 15:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 15:40 - 2014-04-19 11:09 - 00000392 _____ () C:\Windows\setupact.log
2014-04-19 21:10 - 2014-04-19 21:10 - 00000000 _____ () C:\Users\Lou\mkdir
2014-04-19 21:10 - 2013-07-11 12:16 - 00000000 ____D () C:\Users\Lou
2014-04-19 20:31 - 2014-04-19 11:09 - 00001784 _____ () C:\Windows\PFRO.log
2014-04-19 20:24 - 2005-07-21 21:08 - 00000000 ____D () C:\i386
2014-04-19 18:08 - 2014-04-17 16:10 - 00000000 ____D () C:\Users\Lou\Downloads\Malware and Spyware
2014-04-19 17:33 - 2014-04-17 16:14 - 00000000 ____D () C:\AdwCleaner
2014-04-19 16:12 - 2014-04-19 16:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-04-19 16:10 - 2014-04-17 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 16:07 - 2014-04-19 16:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 16:00 - 2014-04-17 15:07 - 00000000 ____D () C:\Users\Lou\AppData\Local\Avg2014
2014-04-19 15:15 - 2014-04-17 15:34 - 00000000 ____D () C:\Users\Lou\Downloads\AVG
2014-04-19 15:10 - 2014-04-19 15:10 - 00001413 _____ () C:\Users\Lou\Desktop\Internet Explorer.lnk
2014-04-19 15:04 - 2014-04-19 14:08 - 00000000 ____D () C:\Windows\pss
2014-04-19 15:04 - 2013-07-11 12:17 - 00000000 ___RD () C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 15:01 - 2013-07-11 13:06 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-04-19 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-19 12:25 - 2014-04-17 17:36 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-19 12:17 - 2013-07-11 13:42 - 00000000 ____D () C:\Users\Lou\Downloads\CCleaner
2014-04-19 11:09 - 2014-04-19 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 11:03 - 2013-07-11 13:06 - 00000000 ____D () C:\Users\Lou\AppData\Local\Google
2014-04-19 11:03 - 2013-07-11 13:06 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-17 19:32 - 2014-04-17 19:25 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\vlc
2014-04-17 18:34 - 2013-07-12 21:36 - 00000000 ____D () C:\Users\Lou\Documents\My PSP Files
2014-04-17 18:30 - 2014-04-17 18:30 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\Oracle
2014-04-17 18:25 - 2013-09-20 14:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 18:24 - 2014-04-17 18:23 - 00005399 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 18:24 - 2014-04-11 09:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-17 18:21 - 2014-04-17 15:37 - 00000000 ____D () C:\Users\Lou\Downloads\Java
2014-04-17 17:49 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-17 17:02 - 2014-04-17 16:44 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-04-17 17:02 - 2014-04-17 16:44 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-17 16:39 - 2014-04-17 16:39 - 00000000 __SHD () C:\Users\Lou\AppData\Local\EmieUserList
2014-04-17 16:39 - 2014-04-17 16:39 - 00000000 __SHD () C:\Users\Lou\AppData\Local\EmieSiteList
2014-04-17 16:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-17 15:17 - 2013-07-11 20:57 - 00000000 ____D () C:\Windows\Panther
2014-04-17 15:17 - 2013-07-11 13:44 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-17 15:17 - 2013-07-11 13:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-17 15:12 - 2014-04-17 15:12 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\TuneUp Software
2014-04-17 15:12 - 2014-04-17 15:12 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\AVG2014
2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Users\Lou\AppData\Local\MFAData
2014-04-17 14:58 - 2014-04-17 14:58 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-17 14:58 - 2014-04-17 14:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-17 14:16 - 2014-04-17 14:16 - 00000000 ____D () C:\ProgramData\ESET
2014-04-17 12:55 - 2014-04-17 12:55 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 20:13 - 2014-04-17 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-17 18:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-17 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-17 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-11 10:23 - 2013-07-13 20:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-11 10:14 - 2013-07-12 09:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 10:14 - 2013-07-12 09:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-11 10:14 - 2013-07-12 09:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-11 09:46 - 2014-04-11 08:50 - 00000163 _____ () C:\Windows\Reimage.ini
2014-04-11 09:21 - 2014-04-11 09:21 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll
2014-04-11 09:21 - 2014-04-11 09:21 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2014-04-11 09:12 - 2009-07-14 05:45 - 00436096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-11 09:07 - 2013-07-13 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 08:56 - 2014-04-11 08:56 - 00000000 ____D () C:\ProgramData\CDB
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 03:51 - 2013-07-12 19:46 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

Some content of TEMP:
====================
C:\Users\Lou\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 13:17

==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADDITION
~~~~~~~~~
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Lou at 2014-04-20 16:09:27
Running from C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version: - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
Business Everywhere (HKLM-x32\...\{33636C62-102D-47F2-8188-214A3E8230C5}) (Version: 3.1.1 - OrangeBusinessServices)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Eye Candy 3 (HKLM-x32\...\Eye Candy 3) (Version: - )
Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Xenofex 1.0 (HKLM-x32\...\Xenofex 1.0) (Version: - )

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {135A47EF-6665-4D25-86C4-46660BDB7049} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11] (Adobe Systems Incorporated)
Task: {22475577-07DB-4E12-A36F-1A622B3E6834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-11] (Microsoft Corporation)
Task: {50AF8449-0F6F-4BBA-96FF-E54AA16D8194} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-11] (Microsoft Corporation)
Task: {A5304ED7-9B9E-4005-A466-8CAE5B46919A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {D84B8626-CE45-48A3-B34E-2A8BD389AC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-11 09:49 - 2014-04-11 09:49 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-03-15 15:26 - 2012-03-15 15:26 - 00167376 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe
2014-04-11 09:26 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-13 20:58 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-14 18:14 - 2012-03-12 10:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-03-15 15:26 - 2012-03-15 15:26 - 05148128 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe
2012-03-15 15:27 - 2012-03-15 15:27 - 01592272 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe
2012-03-15 15:22 - 2012-03-15 15:22 - 00081408 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\GIS.dll
2012-03-15 15:22 - 2012-03-15 15:22 - 00182784 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\ProxyDetection.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: PCI Modem
Description: PCI Modem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 05:59:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/19/2014 08:35:24 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5FDD0C60-4437-454C-8B93-924F8356020A}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================
Error: (04/19/2014 05:59:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lou\Downloads\Malware and Spyware\Online Scanner\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3070.15 MB
Available physical RAM: 1562.43 MB
Total Pagefile: 6138.48 MB
Available Pagefile: 4350.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.1 GB) (Free:108.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello suzie44 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Link to post
Share on other sites
suzie44

suzie44

Posted
  • Author
Posted

Hello Borislav thank you for your help
 
Please run a Quick Scan with Malwarebytes and post the log:
here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Lou :: LOU-PC [administrator]

20/04/2014 19:22:55
mbam-log-2014-04-20 (19-22-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224203
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal. Done.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
here is the report:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Lou :: LOU-PC [administrator]

20/04/2014 19:30:43
mbam-log-2014-04-20 (19-30-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224295
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites
suzie44

suzie44

Posted
  • Author
Posted

•Junkware Removal Tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lou on 21/04/2014 at 18:58:25.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/04/2014 at 19:10:57.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

•AdwCleaner log


# AdwCleaner v3.103 - Report created 21/04/2014 at 19:19:37
# Updated 21/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64

bits)
# Username : Lou - LOU-PC
# Running from : C:\Users\Lou\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar

\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKLM\Software\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


*************************

AdwCleaner[R0].txt - [1143 octets] - [17/04/2014 16:15:18]
AdwCleaner[R1].txt - [1109 octets] - [19/04/2014 17:31:51]
AdwCleaner[R2].txt - [1148 octets] - [21/04/2014 19:16:56]
AdwCleaner[s0].txt - [967 octets] - [17/04/2014 16:16:47]
AdwCleaner[s1].txt - [1175 octets] - [19/04/2014 17:33:18]
AdwCleaner[s2].txt - [1076 octets] - [21/04/2014 19:19:37]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1136

octets] ##########

 

Link to post
Share on other sites
  • 1 month later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.