
suzie44

  1. It seems better. Do you think the infections are gone?
  2. •Junkware Removal Tool log

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Home Premium x64
     Ran by Lou on 21/04/2014 at 18:58:25.77
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 21/04/2014 at 19:10:57.54
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     •AdwCleaner log

     # AdwCleaner v3.103 - Report created 21/04/2014 at 19:19:37
     # Updated 21/04/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Lou - LOU-PC
     # Running from : C:\Users\Lou\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar \WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
     Key Deleted : HKLM\Software\AVG SafeGuard toolbar

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17041

     *************************

     AdwCleaner[R0].txt - [1143 octets] - [17/04/2014 16:15:18]
     AdwCleaner[R1].txt - [1109 octets] - [19/04/2014 17:31:51]
     AdwCleaner[R2].txt - [1148 octets] - [21/04/2014 19:16:56]
     AdwCleaner[s0].txt - [967 octets] - [17/04/2014 16:16:47]
     AdwCleaner[s1].txt - [1175 octets] - [19/04/2014 17:33:18]
     AdwCleaner[s2].txt - [1076 octets] - [21/04/2014 19:19:37]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1136 octets] ##########
  3. Hello Marius, thank you for your reply, but this post is a duplicate of my original post. I was having trouble making my first post and so ended up making two posts. I am sorry I could not delete this post. Borislav (Maniac) is dealing with my problem.
  4. Hello Borislav thank you for your help

     Please run a Quick Scan with Malwarebytes and post the log:

     here is the log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.04.19.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.17041
     Lou :: LOU-PC [administrator]

     20/04/2014 19:22:55
     mbam-log-2014-04-20 (19-22-55).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 224203
     Time elapsed: 5 minute(s), 22 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

     Done.

     Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

     here is the report:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.04.20.06

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.17041
     Lou :: LOU-PC [administrator]

     20/04/2014 19:30:43
     mbam-log-2014-04-20 (19-30-43).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 224295
     Time elapsed: 5 minute(s), 6 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. Hello. My daughter is having problems with her computer. AVG, Hitman Pro and Malwarebytes found some stuff.

     AVG found 30 called Inline hook in win32.sys and 1 MalSign.Generic.834 in C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe";"Secured"

     Hitman Pro found 7, all in AppData\Local\SearchProtect\ (SearchProtect)

     Malwarebytes found 18 PUP and 1 Adware.Gdown

     Something called Conduit Search kept taking over Chrome, so I uninstalled Chrome. IE seems to be ok.

     As instructed I have run Farbar Recovery and pasted the results. Thank you for any help you can give.
C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys ==================== One Month Modified Files and Folders ======= 2014-04-20 16:09 - 2013-07-12 09:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-20 16:07 - 2014-04-20 16:07 - 00000000 ____D () C:\FRST 2014-04-20 16:07 - 2014-04-20 16:06 - 00000000 ____D () C:\Users\Lou\Downloads\Farbar Recovery Scan Tool 2014-04-20 15:49 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-20 15:49 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-20 15:47 - 2014-04-17 15:07 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-20 15:46 - 2013-07-11 12:02 - 01836401 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 15:46 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-20 15:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-20 15:40 - 2014-04-19 11:09 - 00000392 _____ () C:\Windows\setupact.log 2014-04-19 21:10 
- 2014-04-19 21:10 - 00000000 _____ () C:\Users\Lou\mkdir 2014-04-19 21:10 - 2013-07-11 12:16 - 00000000 ____D () C:\Users\Lou 2014-04-19 20:31 - 2014-04-19 11:09 - 00001784 _____ () C:\Windows\PFRO.log 2014-04-19 20:24 - 2005-07-21 21:08 - 00000000 ____D () C:\i386 2014-04-19 18:08 - 2014-04-17 16:10 - 00000000 ____D () C:\Users\Lou\Downloads\Malware and Spyware 2014-04-19 17:33 - 2014-04-17 16:14 - 00000000 ____D () C:\AdwCleaner 2014-04-19 16:12 - 2014-04-19 16:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d 2014-04-19 16:10 - 2014-04-17 15:11 - 00000000 ____D () C:\ProgramData\AVG2014 2014-04-19 16:07 - 2014-04-19 16:07 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-04-19 16:00 - 2014-04-17 15:07 - 00000000 ____D () C:\Users\Lou\AppData\Local\Avg2014 2014-04-19 15:15 - 2014-04-17 15:34 - 00000000 ____D () C:\Users\Lou\Downloads\AVG 2014-04-19 15:10 - 2014-04-19 15:10 - 00001413 _____ () C:\Users\Lou\Desktop\Internet Explorer.lnk 2014-04-19 15:04 - 2014-04-19 14:08 - 00000000 ____D () C:\Windows\pss 2014-04-19 15:04 - 2013-07-11 12:17 - 00000000 ___RD () C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 15:01 - 2013-07-11 13:06 - 00000000 _____ () C:\Windows\SysWOW64\config.nt 2014-04-19 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-04-19 12:25 - 2014-04-17 17:36 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-19 12:17 - 2013-07-11 13:42 - 00000000 ____D () C:\Users\Lou\Downloads\CCleaner 2014-04-19 11:09 - 2014-04-19 11:09 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 11:03 - 2013-07-11 13:06 - 00000000 ____D () C:\Users\Lou\AppData\Local\Google 2014-04-19 11:03 - 2013-07-11 13:06 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-17 19:32 - 2014-04-17 19:25 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\vlc 2014-04-17 18:34 - 2013-07-12 21:36 - 00000000 ____D () C:\Users\Lou\Documents\My PSP Files 2014-04-17 18:30 - 2014-04-17 18:30 - 00000000 ____D 
() C:\Users\Lou\AppData\Roaming\Oracle 2014-04-17 18:25 - 2013-09-20 14:02 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-17 18:24 - 2014-04-17 18:23 - 00005399 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-17 18:24 - 2014-04-11 09:55 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-17 18:21 - 2014-04-17 15:37 - 00000000 ____D () C:\Users\Lou\Downloads\Java 2014-04-17 17:49 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-17 17:02 - 2014-04-17 16:44 - 00001908 _____ () C:\Windows\diagwrn.xml 2014-04-17 17:02 - 2014-04-17 16:44 - 00001908 _____ () C:\Windows\diagerr.xml 2014-04-17 16:39 - 2014-04-17 16:39 - 00000000 __SHD () C:\Users\Lou\AppData\Local\EmieUserList 2014-04-17 16:39 - 2014-04-17 16:39 - 00000000 __SHD () C:\Users\Lou\AppData\Local\EmieSiteList 2014-04-17 16:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-17 15:17 - 2013-07-11 20:57 - 00000000 ____D () C:\Windows\Panther 2014-04-17 15:17 - 2013-07-11 13:44 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-17 15:17 - 2013-07-11 13:44 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-17 15:12 - 2014-04-17 15:12 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\TuneUp Software 2014-04-17 15:12 - 2014-04-17 15:12 - 00000000 ____D () C:\Users\Lou\AppData\Roaming\AVG2014 2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Users\Lou\AppData\Local\MFAData 2014-04-17 14:58 - 2014-04-17 14:58 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe 2014-04-17 14:58 - 2014-04-17 14:42 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-04-17 14:16 - 2014-04-17 14:16 - 00000000 ____D () C:\ProgramData\ESET 2014-04-17 12:55 - 2014-04-17 12:55 - 00000000 ____D () C:\Windows\ERUNT 2014-04-14 20:13 - 2014-04-17 18:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-17 18:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-17 18:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-17 18:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-11 10:23 - 2013-07-13 20:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-04-11 10:14 - 2013-07-12 09:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-11 10:14 - 2013-07-12 09:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-11 10:14 - 2013-07-12 09:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-11 09:46 - 2014-04-11 08:50 - 00000163 _____ () C:\Windows\Reimage.ini 2014-04-11 09:21 - 2014-04-11 09:21 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll 2014-04-11 09:21 - 2014-04-11 09:21 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2014-04-11 09:12 - 2009-07-14 05:45 - 00436096 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-11 09:07 - 2013-07-13 13:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-11 08:56 - 2014-04-11 08:56 - 00000000 ____D () C:\ProgramData\CDB 2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 03:51 - 2013-07-12 19:46 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

Some content of TEMP:
====================
C:\Users\Lou\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 13:17

==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADDITION ~~~~~~~~~

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Lou at 2014-04-20 16:09:27
Running from C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version: - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
Business Everywhere (HKLM-x32\...\{33636C62-102D-47F2-8188-214A3E8230C5}) (Version: 3.1.1 - OrangeBusinessServices)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Eye Candy 3 (HKLM-x32\...\Eye Candy 3) (Version: - )
Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc) Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG 
Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - ) Xenofex 1.0 (HKLM-x32\...\Xenofex 1.0) (Version: - ) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {135A47EF-6665-4D25-86C4-46660BDB7049} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11] (Adobe Systems Incorporated) Task: {22475577-07DB-4E12-A36F-1A622B3E6834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-11] (Microsoft Corporation) Task: {50AF8449-0F6F-4BBA-96FF-E54AA16D8194} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-11] (Microsoft Corporation) Task: {A5304ED7-9B9E-4005-A466-8CAE5B46919A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation) Task: {D84B8626-CE45-48A3-B34E-2A8BD389AC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-11 09:49 - 2014-04-11 09:49 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2012-03-15 15:26 - 2012-03-15 15:26 - 00167376 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe 2014-04-11 09:26 - 2013-10-31 
18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-13 20:58 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-14 18:14 - 2012-03-12 10:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-03-15 15:26 - 2012-03-15 15:26 - 05148128 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe
2012-03-15 15:27 - 2012-03-15 15:27 - 01592272 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe
2012-03-15 15:22 - 2012-03-15 15:22 - 00081408 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\GIS.dll
2012-03-15 15:22 - 2012-03-15 15:22 - 00182784 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\ProxyDetection.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============
Name: PCI Modem
Description: PCI Modem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 05:59:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (04/19/2014 08:35:24 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5FDD0C60-4437-454C-8B93-924F8356020A}. The backup browser is stopping.

Microsoft Office Sessions:
=========================
Error: (04/19/2014 05:59:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lou\Downloads\Malware and Spyware\Online Scanner\esetsmartinstaller_enu.exe

==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 3070.15 MB
Available physical RAM: 1562.43 MB
Total Pagefile: 6138.48 MB
Available Pagefile: 4350.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:146.1 GB) (Free:108.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================
  6. Hello,

My daughter is having problems with her computer. AVG, Hitman Pro and Malwarebytes found some stuff.

AVG found 30 Inline hook in win32.sys and 1 MalSign.Generic.834 in C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe";"Secured"
Hitman Pro found 7, all in AppData\Local\SearchProtect\ (SearchProtect)
Malwarebytes found 18 PUP and 1 Adware.Gdown

Something called Conduit Search kept taking over Chrome, so I uninstalled Chrome. IE seems to be OK.

As instructed, I have run Farbar Recovery and pasted the results. Thank you for any help you can give.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FIRST ~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by Lou (administrator) on LOU-PC on 20-04-2014 16:07:57
Running from C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe () C:\ProgramData\MobileBrServ\mbbservice.exe () C:\Windows\SysWOW64\PSIService.exe () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\osk.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [start_BusinessEverywhere_{8309b0e1-1f81-4131-9b07-46a47608a547}] => C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe [5148128 2012-03-15] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [start_SMSNotifier_{8309b0e1-1f81-4131-9b07-46a47608a547}] => C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe [1592272 2012-03-15] () HKLM-x32\...\Run: [start_Update_{8309b0e1-1f81-4131-9b07-46a47608a547}] => C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\UpdteApp.exe [952264 2012-03-15] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) 
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-13] (Microsoft Corporation) HKU\S-1-5-21-1598726057-290923624-3963467467-1001\...\MountPoints2: {3f5954ed-64d7-11e3-b451-00123f9960e3} - F:\AutoRun.exe HKU\S-1-5-21-1598726057-290923624-3963467467-1001\...\MountPoints2: {5da70eff-846a-11e3-8ad7-806e6f6e6963} - F:\Setup.exe Startup: C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x086235873C7FCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\9ar58yph.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Flashblock - C:\Users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\9ar58yph.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-07-12] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.) 
R2 BEWConfigSrv; C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe [167376 2012-03-15] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] () R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.) 
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 orange_zte_cdc_acm; C:\Windows\System32\DRIVERS\orange_zte_cdc_acm.sys [77824 2012-03-15] (ZTE)
S3 orange_zte_cpo; C:\Windows\System32\DRIVERS\orange_zte_cpo.sys [14336 2012-03-15] (ZTE)
S3 cpuz134; \??\C:\Users\Lou\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders =======
Some content of TEMP:
====================
C:\Users\Lou\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 13:17
==================== End Of Log ============================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADDITION ~~~~~~~~~
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Lou at 2014-04-20 16:09:27
Running from
C:\Users\Lou\Downloads\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version: - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
Business Everywhere (HKLM-x32\...\{33636C62-102D-47F2-8188-214A3E8230C5}) (Version: 3.1.1 - OrangeBusinessServices)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Eye Candy 3 (HKLM-x32\...\Eye Candy 3) (Version: - )
Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Xenofex 1.0 (HKLM-x32\...\Xenofex 1.0) (Version: - )
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {135A47EF-6665-4D25-86C4-46660BDB7049} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11] (Adobe Systems Incorporated)
Task: {22475577-07DB-4E12-A36F-1A622B3E6834} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-11] (Microsoft Corporation)
Task: {50AF8449-0F6F-4BBA-96FF-E54AA16D8194} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-11] (Microsoft Corporation)
Task: {A5304ED7-9B9E-4005-A466-8CAE5B46919A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {D84B8626-CE45-48A3-B34E-2A8BD389AC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-04-11 09:49 - 2014-04-11 09:49 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-03-15 15:26 - 2012-03-15 15:26 - 00167376 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BEWConfigSrv.exe
2014-04-11 09:26 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-13 20:58 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-14 18:14 - 2012-03-12 10:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-03-15 15:26 - 2012-03-15 15:26 - 05148128 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\BusinessEverywhere.exe
2012-03-15 15:27 - 2012-03-15 15:27 - 01592272 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\SMSNotifier.exe
2012-03-15 15:22 - 2012-03-15 15:22 - 00081408 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\GIS.dll
2012-03-15 15:22 - 2012-03-15 15:22 - 00182784 _____ () C:\Program Files (x86)\OrangeBusinessServices\Business Everywhere\{8309b0e1-1f81-4131-9b07-46a47608a547}\ProxyDetection.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: PCI Modem
Description: PCI Modem
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================= Application errors: ================== Error: (04/19/2014 05:59:22 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (04/19/2014 08:35:24 PM) (Source: BROWSER) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5FDD0C60-4437-454C-8B93-924F8356020A}. The backup browser is stopping. 
Microsoft Office Sessions: ========================= Error: (04/19/2014 05:59:22 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lou\Downloads\Malware and Spyware\Online Scanner\esetsmartinstaller_enu.exe ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 3070.15 MB Available physical RAM: 1562.43 MB Total Pagefile: 6138.48 MB Available Pagefile: 4350.18 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.1 GB) (Free:108.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C) Partition 1: (Not Active) - (Size=63 MB) - (Type=DE) Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=3 GB) - (Type=DB) ==================== End Of Log ============================