
16 systenter hooks detected by AVG - unable to repair/remove


  • This topic is locked
66 replies to this topic

#1 dddali33


Posted 28 September 2013 - 08:07 AM

Hi - I would really appreciate assistance.

 

Running WIN7 Premium 64bit

 

Computer running very slow - appears to be affecting start up, and my Adobe products; also have started receiving phishing emails in Yahoo (not sure if it's connected)

 

I've read a couple of entries from TB-Psychotic in regards to removal - my question is can I try and follow the instructions this forum addict has posted, or do I need individual assistance?

 

I see users are posting logs for review by TB-Psychotic and seem to be getting results!

 

I'm working on my senior interior design project and I seriously need to start rendering with Revit/ 3dsMax this weekend!!!! *biting nails profusely*

 

Any assistance would be appreciated, especially by TB-Psychotic!

 

Thanks so much :)

 

p.s. in my ignorance, I'm not entirely certain what log(s) to post .....

 

Moderator edit: Moved from Windows 7 forum to a more appropriate forum as OP needs speedy help.

Roger


Edited by rotor123, 28 September 2013 - 09:46 AM.



 


#2 hamluis


Posted 28 September 2013 - 11:39 AM

Do NOT follow instructions provided by BC Staff to another member.

 

Such instructions are dependent upon the judgment of the individual providing assistance...and what he/she believes are the real issues...and may vary from member to member, even though the situations may seem similar.

 

Louis



#3 dddali33


Posted 28 September 2013 - 08:03 PM

Thanks so much for clarifying this Louis!



#4 bloopie


Posted 03 October 2013 - 04:08 PM

Hello aaali33, and welcome to Bleeping Computer! :)

Sorry for the delay in response to your topic! I have moved this topic to the Malware Removal forum where it will stay.

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========

Now, let's get some logs so that we can assess the state of your machine:

Step 1

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You need the 64-bit version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - is also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.

==========

In your next reply, please include both requested logs and then we'll get to work! :)

bloopie


Edited by bloopie, 03 October 2013 - 04:09 PM.
fixed typo


#5 dddali33


Posted 03 October 2013 - 09:46 PM

Hi Bloopie! Just got this msg and am starting to follow your instructions! I will be in touch and "thank you" so much for responding :)



#6 dddali33


Posted 03 October 2013 - 10:22 PM

Hello Bloopie

 

I do not have the Windows CD/DVD; my laptop was preloaded. I have completed steps 1 & 2; logs are below. Thank you for your assistance.

 

aswMBR:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-03 22:50:30
-----------------------------
22:50:30.619    OS Version: Windows x64 6.1.7601 Service Pack 1
22:50:30.619    Number of processors: 8 586 0x3A09
22:50:30.619    ComputerName: DONNAD-PC  UserName: Donna D
22:50:30.713    Initialze error 1
23:04:32.829    AVAST engine defs: 13100301
23:09:47.466    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:09:47.466    Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
23:09:47.497    Disk 0 MBR read successfully
23:09:47.497    Disk 0 MBR scan
23:09:47.513    Disk 0 unknown MBR code
23:09:47.513    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
23:09:47.528    Disk 0 scanning C:\Windows\system32\drivers
23:09:47.528    Service scanning
23:09:48.106    Modules scanning
23:09:48.106    Disk 0 trace - called modules:
23:09:48.121    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:09:48.137    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a45f790]
23:09:48.137    3 CLASSPNP.SYS[fffff88001c5443f] -> nt!IofCallDriver -> [0xfffffa800a2137e0]
23:09:48.152    5 ACPI.sys[fffff88000f1a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a236050]
23:09:48.152    AVAST engine scan C:\Windows
23:09:48.168    AVAST engine scan C:\Windows\system32
23:09:48.168    AVAST engine scan C:\Windows\system32\drivers
23:09:48.184    AVAST engine scan C:\Users\Donna D
23:09:48.199    AVAST engine scan C:\ProgramData
23:09:48.199    Scan finished successfully
23:10:38.821    Disk 0 MBR has been saved successfully to "C:\Users\Donna D\Desktop\Threats\MBR.dat"
23:10:38.821    The log file has been saved successfully to "C:\Users\Donna D\Desktop\Threats\aswMBR.txt"

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Donna D (administrator) on DONNAD-PC on 03-10-2013 23:13:08
Running from C:\Users\Donna D\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Akamai Technologies, Inc.) C:\Users\Donna D\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Donna D\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Facebook) C:\Users\Donna D\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(AVAST Software) C:\Users\Donna D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JK7U0WR2\aswmbr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [418280 2012-07-25] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Donna D\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-21] (Facebook Inc.)
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2013-07-07] (ASUS)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-01] ()
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
Startup: C:\Users\Donna D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Donna D\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Donna D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3306057&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD222E5C1-D1BE-4BB9-A0E8-F0E3F5E7B18B&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3306057&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD222E5C1-D1BE-4BB9-A0E8-F0E3F5E7B18B&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={0EA439F9-875A-4D74-B1AC-3AE1583857D0}&mid=e938129ed97e47d394e945928f52a2dd-a829232fe9901d294cb86c753b3eca39b032e111&lang=en&ds=AVG&pr=fr&d=2013-07-07 20:31:17&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-01] (AVG Secure Search)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
U3 aswMBR; \??\C:\Users\DONNAD~1\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-03 23:12 - 2013-10-03 23:12 - 00000000 ____D C:\FRST
2013-10-03 23:11 - 2013-10-03 23:11 - 01954124 _____ (Farbar) C:\Users\Donna D\Desktop\FRST64.exe
2013-10-02 22:40 - 2013-10-02 22:40 - 00503808 _____ C:\Users\Donna D\Downloads\FCV26277_FB.rfa
2013-10-02 22:40 - 2013-10-02 22:40 - 00401408 _____ C:\Users\Donna D\Downloads\FCV26_WH.rfa
2013-10-02 22:38 - 2013-10-02 22:39 - 02813952 _____ C:\Users\Donna D\Downloads\FL44SolidLens_CH.rfa
2013-10-02 22:38 - 2013-10-02 22:38 - 02093056 _____ C:\Users\Donna D\Downloads\FL44WW120_FB.rfa
2013-10-02 22:37 - 2013-10-02 22:37 - 00847872 _____ C:\Users\Donna D\Downloads\FRCL_CH.rfa
2013-10-02 22:34 - 2013-10-02 22:34 - 00487424 _____ C:\Users\Donna D\Downloads\FMNR26_CH.rfa
2013-10-02 22:34 - 2013-10-02 22:34 - 00479232 _____ C:\Users\Donna D\Downloads\FMNR21_CH.rfa
2013-10-02 22:33 - 2013-10-02 22:33 - 00507904 _____ C:\Users\Donna D\Downloads\FMNSM_WH.rfa
2013-10-02 22:33 - 2013-10-02 22:33 - 00319488 _____ C:\Users\Donna D\Downloads\FMNSR_CH.rfa
2013-10-02 20:12 - 2013-10-03 23:10 - 00000000 ____D C:\Users\Donna D\Desktop\Threats
2013-10-02 19:52 - 2013-10-02 19:52 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\PDAppFlex
2013-09-30 22:02 - 2013-09-30 22:02 - 00127874 _____ C:\Users\Donna D\Downloads\199675.dwg
2013-09-30 21:45 - 2013-09-30 21:46 - 01642496 _____ C:\Users\Donna D\Downloads\Ceiling_System-Sauder-WoodTrac.rvt
2013-09-30 20:55 - 2013-09-30 20:55 - 00002028 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-09-29 20:28 - 2013-09-29 20:28 - 00333791 _____ C:\Users\Donna D\Downloads\Group_68.skp
2013-09-29 20:27 - 2013-09-29 20:27 - 00331692 _____ C:\Users\Donna D\Downloads\Plant-030-ok.skp
2013-09-29 20:24 - 2013-09-29 20:24 - 00298082 _____ C:\Users\Donna D\Downloads\lilly2.skp
2013-09-29 20:23 - 2013-09-29 20:23 - 00104947 _____ C:\Users\Donna D\Downloads\Spathaphylum.skp
2013-09-29 20:23 - 2013-09-29 20:23 - 00079745 _____ C:\Users\Donna D\Downloads\Plant_Bougainvillea_Trellis_HighPoly.skp
2013-09-29 20:23 - 2013-09-29 20:23 - 00052521 _____ C:\Users\Donna D\Downloads\Grass_Regal_Mist.skp
2013-09-29 20:22 - 2013-09-29 20:23 - 01766191 _____ C:\Users\Donna D\Downloads\Untitled (2).skp
2013-09-28 19:18 - 2013-09-28 19:18 - 01523712 _____ C:\Users\Donna D\Downloads\Bean_Bag_Seat_14602.rfa
2013-09-28 19:17 - 2013-09-28 19:17 - 00360448 _____ C:\Users\Donna D\Downloads\Bean_bag_chair_family_RA_2010_10284.rfa
2013-09-28 18:59 - 2013-09-28 18:59 - 00249856 _____ C:\Users\Donna D\Downloads\Nimbus_Ottoman_Round_-_HighTower_13327.rfa
2013-09-28 18:58 - 2013-09-28 18:58 - 00278528 _____ C:\Users\Donna D\Downloads\SM400_10964.rfa
2013-09-28 18:53 - 2013-09-28 18:53 - 00487424 _____ C:\Users\Donna D\Downloads\Kolbe_Ultra_Series_Garden-Aire_Sliding_Patio_Elliptical_Direct_Set_Units_6813.rfa
2013-09-28 18:52 - 2013-09-28 20:04 - 00323584 _____ C:\Users\Donna D\Downloads\Patio_table_6207.rfa
2013-09-28 18:52 - 2013-09-28 18:52 - 00278528 _____ C:\Users\Donna D\Downloads\Patio_table_6207.0001.rfa
2013-09-28 18:50 - 2013-09-28 18:50 - 00630784 _____ C:\Users\Donna D\Downloads\Wardrobe__Guarda_roupas_12865.rfa
2013-09-28 17:13 - 2013-09-28 17:13 - 00107634 _____ C:\Users\Donna D\Downloads\Untitled (1).skp
2013-09-28 16:38 - 2013-09-28 16:38 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\SketchUp
2013-09-28 16:08 - 2013-09-28 16:10 - 00400223 _____ C:\Users\Donna D\Downloads\LNV55BNF-82 ME.dwg
2013-09-28 16:08 - 2013-09-28 16:10 - 00370387 _____ C:\Users\Donna D\Downloads\LNV55BNF-82 YES.dwg
2013-09-28 16:08 - 2013-09-28 16:08 - 00379432 _____ C:\Users\Donna D\Downloads\LNV55BNF-82.dwg
2013-09-28 16:08 - 2013-09-28 16:08 - 00367593 _____ C:\Users\Donna D\Downloads\LNV55BNF-82 YES.bak
2013-09-28 13:22 - 2013-09-28 13:22 - 00348996 _____ C:\Users\Donna D\Downloads\3245 Cortona TO MODIFY.dwg
2013-09-28 12:49 - 2013-09-28 12:49 - 00346830 _____ C:\Users\Donna D\Downloads\3245 Cortona.dwg
2013-09-27 21:03 - 2013-09-27 21:03 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2013-09-27 21:01 - 2013-09-27 21:01 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\AVG
2013-09-27 21:00 - 2013-09-27 21:03 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-27 21:00 - 2013-09-27 21:01 - 00000000 ____D C:\ProgramData\AVG
2013-09-27 20:58 - 2013-09-27 20:59 - 78411688 _____ (AVG) C:\Users\Donna D\Downloads\avg_tuh_stf_all_2014_174_24c4.exe
2013-09-27 08:17 - 2013-09-27 08:17 - 1414627198 _____ C:\Windows\MEMORY.DMP
2013-09-27 08:17 - 2013-09-27 08:17 - 00291592 _____ C:\Windows\Minidump\092713-42806-01.dmp
2013-09-27 08:17 - 2013-09-27 08:17 - 00000000 ____D C:\Windows\Minidump
2013-09-27 00:57 - 2013-09-27 00:57 - 00368554 _____ C:\Users\Donna D\Downloads\gmer.zip
2013-09-26 10:49 - 2013-09-26 10:49 - 00000190 _____ C:\Users\Donna D\Desktop\International Academy of Design & Technology - Tampa.url
2013-09-25 21:24 - 2013-09-25 21:24 - 00196738 _____ C:\Users\Donna D\Downloads\Attachments_2013925.zip
2013-09-24 21:59 - 2013-09-24 22:13 - 219758814 _____ C:\Users\Donna D\Downloads\Centiva_Material_Images.zip
2013-09-24 08:08 - 2013-09-24 08:08 - 00003087 _____ C:\Users\Donna D\Desktop\INTR420 Senior 2 - Shortcut.lnk
2013-09-20 19:28 - 2013-09-20 19:28 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\AVG2014
2013-09-20 19:24 - 2013-09-20 19:26 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-20 19:15 - 2013-09-24 17:05 - 00000000 ____D C:\Users\Donna D\AppData\Local\Avg2014
2013-09-18 09:20 - 2013-09-18 09:20 - 00000000 ____D C:\Users\Donna D\Documents\Asus WebStorage
2013-09-17 00:07 - 2013-09-18 09:19 - 00001771 _____ C:\Users\Donna D\Desktop\MySyncFolder.lnk
2013-09-16 23:50 - 2013-09-24 21:13 - 00000000 ____D C:\Users\Donna D\Desktop\Imperial Library
2013-09-16 19:41 - 2013-09-16 19:41 - 00000000 __SHD C:\aws
2013-09-16 19:41 - 2013-09-16 19:41 - 00000000 ____D C:\ASUS WebStorage
2013-09-16 18:53 - 2013-09-18 14:30 - 00000000 ____D C:\Users\Donna D\Desktop\IADT Student Services
2013-09-16 18:50 - 2013-09-16 18:50 - 00001833 _____ C:\Users\Donna D\Documents\Donna School - Shortcut.lnk
2013-09-13 08:25 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 08:25 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 08:25 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 08:25 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 08:25 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 08:25 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 08:25 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 08:25 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 08:25 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 08:25 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 08:25 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 08:25 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 08:25 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 08:25 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 16:02 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 16:02 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 16:01 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 16:01 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 16:01 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 16:01 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 16:01 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 16:01 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 16:01 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 16:01 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 16:01 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 16:01 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 16:01 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 16:01 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 16:01 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 16:01 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 16:01 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 16:01 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 16:01 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 16:01 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 16:01 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 16:01 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 16:01 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:01 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:01 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 16:01 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 16:01 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 20:36 - 2013-09-11 21:28 - 00010254 _____ C:\Users\Donna D\Downloads\INTR 490 job data base.xlsb
2013-09-10 08:40 - 2013-09-10 08:40 - 00031744 ____H C:\Users\Donna D\Downloads\~WRL0005.tmp
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-08 18:42 - 2013-09-08 18:42 - 01199681 _____ C:\Users\Donna D\Downloads\DinnerSet.skp
2013-09-08 18:38 - 2013-09-08 18:38 - 00310529 _____ C:\Users\Donna D\Downloads\Untitled.skp
2013-09-08 18:34 - 2013-09-08 18:34 - 00157360 _____ C:\Users\Donna D\Downloads\quad shelf.skp
2013-09-08 18:33 - 2013-09-08 18:33 - 00181434 _____ C:\Users\Donna D\Downloads\Shelves-Tetris.skp
2013-09-08 16:36 - 2013-09-08 16:36 - 00003120 _____ C:\Windows\SysWOW64\ALLFSAF13a.ocx
2013-09-08 16:35 - 2013-09-08 16:35 - 00000000 ____D C:\ProgramData\SketchUp
2013-09-08 16:35 - 2013-09-08 16:35 - 00000000 ____D C:\Program Files (x86)\SketchUp
2013-09-07 20:57 - 2013-09-07 20:57 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\Roxio Log Files
2013-09-06 21:41 - 2013-09-06 21:41 - 00000000 ____D C:\Users\Donna D\Documents\OneNote Notebooks

==================== One Month Modified Files and Folders =======

2013-10-03 23:12 - 2013-10-03 23:12 - 00000000 ____D C:\FRST
2013-10-03 23:11 - 2013-10-03 23:11 - 01954124 _____ (Farbar) C:\Users\Donna D\Desktop\FRST64.exe
2013-10-03 23:11 - 2013-07-07 20:12 - 01583968 _____ C:\Windows\WindowsUpdate.log
2013-10-03 23:10 - 2013-10-02 20:12 - 00000000 ____D C:\Users\Donna D\Desktop\Threats
2013-10-03 22:50 - 2013-07-21 10:45 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001UA.job
2013-10-03 22:28 - 2013-07-15 10:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 22:26 - 2013-07-07 20:17 - 00000000 ____D C:\ProgramData\MFAData
2013-10-03 22:12 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 22:12 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 22:08 - 2013-07-07 19:16 - 00000000 ____D C:\Users\Donna D\Documents\Bluetooth Folder
2013-10-03 22:08 - 2009-07-14 01:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-03 22:06 - 2013-07-10 13:31 - 00000000 ____D C:\Users\Donna D\AppData\Local\Htc
2013-10-03 22:06 - 2013-07-07 19:45 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\ASUS WebStorage
2013-10-03 22:05 - 2013-07-07 20:17 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-03 22:05 - 2013-07-07 19:16 - 00000380 _____ C:\Users\Donna D\AppData\Roaming\sp_data.sys
2013-10-03 22:03 - 2013-07-07 20:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-03 22:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 22:03 - 2009-07-14 00:51 - 00065107 _____ C:\Windows\setupact.log
2013-10-03 16:34 - 2013-07-07 20:17 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-03 10:50 - 2013-07-21 10:45 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001Core.job
2013-10-02 22:40 - 2013-10-02 22:40 - 00503808 _____ C:\Users\Donna D\Downloads\FCV26277_FB.rfa
2013-10-02 22:40 - 2013-10-02 22:40 - 00401408 _____ C:\Users\Donna D\Downloads\FCV26_WH.rfa
2013-10-02 22:39 - 2013-10-02 22:38 - 02813952 _____ C:\Users\Donna D\Downloads\FL44SolidLens_CH.rfa
2013-10-02 22:38 - 2013-10-02 22:38 - 02093056 _____ C:\Users\Donna D\Downloads\FL44WW120_FB.rfa
2013-10-02 22:37 - 2013-10-02 22:37 - 00847872 _____ C:\Users\Donna D\Downloads\FRCL_CH.rfa
2013-10-02 22:34 - 2013-10-02 22:34 - 00487424 _____ C:\Users\Donna D\Downloads\FMNR26_CH.rfa
2013-10-02 22:34 - 2013-10-02 22:34 - 00479232 _____ C:\Users\Donna D\Downloads\FMNR21_CH.rfa
2013-10-02 22:33 - 2013-10-02 22:33 - 00507904 _____ C:\Users\Donna D\Downloads\FMNSM_WH.rfa
2013-10-02 22:33 - 2013-10-02 22:33 - 00319488 _____ C:\Users\Donna D\Downloads\FMNSR_CH.rfa
2013-10-02 22:29 - 2013-08-18 11:10 - 00797184 ___SH C:\Users\Donna D\Desktop\Thumbs.db
2013-10-02 19:58 - 2013-07-09 16:19 - 00000000 ____D C:\Users\Donna D\Documents\Monthly Expenses
2013-10-02 19:52 - 2013-10-02 19:52 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\PDAppFlex
2013-10-02 19:52 - 2013-07-10 13:28 - 00000000 ____D C:\Users\Donna D\AppData\Local\Adobe
2013-10-01 13:33 - 2013-07-07 20:31 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-01 13:33 - 2013-07-07 20:31 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-01 13:33 - 2009-07-14 00:45 - 05113656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-01 13:32 - 2012-02-18 03:15 - 00084044 _____ C:\Windows\PFRO.log
2013-09-30 22:15 - 2013-07-07 19:14 - 00143768 _____ C:\Users\Donna D\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 22:02 - 2013-09-30 22:02 - 00127874 _____ C:\Users\Donna D\Downloads\199675.dwg
2013-09-30 21:46 - 2013-09-30 21:45 - 01642496 _____ C:\Users\Donna D\Downloads\Ceiling_System-Sauder-WoodTrac.rvt
2013-09-30 20:55 - 2013-09-30 20:55 - 00002028 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-09-30 20:55 - 2013-07-13 18:06 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-30 20:54 - 2012-02-18 03:36 - 00000000 ____D C:\ProgramData\Adobe
2013-09-30 20:54 - 2012-02-18 03:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-30 08:31 - 2013-07-13 17:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 08:24 - 2013-07-07 20:29 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-30 08:07 - 2013-07-07 20:51 - 00000000 ____D C:\Users\Donna D\Documents\Donna School
2013-09-29 20:28 - 2013-09-29 20:28 - 00333791 _____ C:\Users\Donna D\Downloads\Group_68.skp
2013-09-29 20:27 - 2013-09-29 20:27 - 00331692 _____ C:\Users\Donna D\Downloads\Plant-030-ok.skp
2013-09-29 20:24 - 2013-09-29 20:24 - 00298082 _____ C:\Users\Donna D\Downloads\lilly2.skp
2013-09-29 20:23 - 2013-09-29 20:23 - 00104947 _____ C:\Users\Donna D\Downloads\Spathaphylum.skp
2013-09-29 20:23 - 2013-09-29 20:23 - 00079745 _____ C:\Users\Donna D\Downloads\Plant_Bougainvillea_Trellis_HighPoly.skp
2013-09-29 20:23 - 2013-09-29 20:23 - 00052521 _____ C:\Users\Donna D\Downloads\Grass_Regal_Mist.skp
2013-09-29 20:23 - 2013-09-29 20:22 - 01766191 _____ C:\Users\Donna D\Downloads\Untitled (2).skp
2013-09-29 12:30 - 2013-07-07 19:14 - 00000000 ____D C:\Users\Donna D\AppData\Local\VirtualStore
2013-09-28 20:04 - 2013-09-28 18:52 - 00323584 _____ C:\Users\Donna D\Downloads\Patio_table_6207.rfa
2013-09-28 19:18 - 2013-09-28 19:18 - 01523712 _____ C:\Users\Donna D\Downloads\Bean_Bag_Seat_14602.rfa
2013-09-28 19:17 - 2013-09-28 19:17 - 00360448 _____ C:\Users\Donna D\Downloads\Bean_bag_chair_family_RA_2010_10284.rfa
2013-09-28 18:59 - 2013-09-28 18:59 - 00249856 _____ C:\Users\Donna D\Downloads\Nimbus_Ottoman_Round_-_HighTower_13327.rfa
2013-09-28 18:58 - 2013-09-28 18:58 - 00278528 _____ C:\Users\Donna D\Downloads\SM400_10964.rfa
2013-09-28 18:53 - 2013-09-28 18:53 - 00487424 _____ C:\Users\Donna D\Downloads\Kolbe_Ultra_Series_Garden-Aire_Sliding_Patio_Elliptical_Direct_Set_Units_6813.rfa
2013-09-28 18:52 - 2013-09-28 18:52 - 00278528 _____ C:\Users\Donna D\Downloads\Patio_table_6207.0001.rfa
2013-09-28 18:50 - 2013-09-28 18:50 - 00630784 _____ C:\Users\Donna D\Downloads\Wardrobe__Guarda_roupas_12865.rfa
2013-09-28 17:13 - 2013-09-28 17:13 - 00107634 _____ C:\Users\Donna D\Downloads\Untitled (1).skp
2013-09-28 16:49 - 2013-08-11 12:33 - 00892928 _____ C:\Users\Donna D\Downloads\fireplace_10905.rfa
2013-09-28 16:38 - 2013-09-28 16:38 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\SketchUp
2013-09-28 16:33 - 2013-07-14 10:03 - 00000000 ____D C:\Users\Donna D\AppData\Local\cache
2013-09-28 16:10 - 2013-09-28 16:08 - 00400223 _____ C:\Users\Donna D\Downloads\LNV55BNF-82 ME.dwg
2013-09-28 16:10 - 2013-09-28 16:08 - 00370387 _____ C:\Users\Donna D\Downloads\LNV55BNF-82 YES.dwg
2013-09-28 16:08 - 2013-09-28 16:08 - 00379432 _____ C:\Users\Donna D\Downloads\LNV55BNF-82.dwg
2013-09-28 16:08 - 2013-09-28 16:08 - 00367593 _____ C:\Users\Donna D\Downloads\LNV55BNF-82 YES.bak
2013-09-28 14:15 - 2013-08-11 12:33 - 00512000 _____ C:\Users\Donna D\Downloads\fireplace_10905.0004.rfa
2013-09-28 13:49 - 2013-08-11 12:33 - 00512000 _____ C:\Users\Donna D\Downloads\fireplace_10905.0003.rfa
2013-09-28 13:22 - 2013-09-28 13:22 - 00348996 _____ C:\Users\Donna D\Downloads\3245 Cortona TO MODIFY.dwg
2013-09-28 12:49 - 2013-09-28 12:49 - 00346830 _____ C:\Users\Donna D\Downloads\3245 Cortona.dwg
2013-09-27 21:03 - 2013-09-27 21:03 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2013-09-27 21:03 - 2013-09-27 21:00 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-27 21:03 - 2013-07-10 13:28 - 00000000 ____D C:\Users\Donna D\AppData\Local\Downloaded Installations
2013-09-27 21:03 - 2013-07-08 19:25 - 00000000 ____D C:\Users\Donna D\AppData\Local\Microsoft Help
2013-09-27 21:01 - 2013-09-27 21:01 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\AVG
2013-09-27 21:01 - 2013-09-27 21:00 - 00000000 ____D C:\ProgramData\AVG
2013-09-27 20:59 - 2013-09-27 20:58 - 78411688 _____ (AVG) C:\Users\Donna D\Downloads\avg_tuh_stf_all_2014_174_24c4.exe
2013-09-27 08:19 - 2013-08-30 23:32 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\Skype
2013-09-27 08:17 - 2013-09-27 08:17 - 1414627198 _____ C:\Windows\MEMORY.DMP
2013-09-27 08:17 - 2013-09-27 08:17 - 00291592 _____ C:\Windows\Minidump\092713-42806-01.dmp
2013-09-27 08:17 - 2013-09-27 08:17 - 00000000 ____D C:\Windows\Minidump
2013-09-27 00:57 - 2013-09-27 00:57 - 00368554 _____ C:\Users\Donna D\Downloads\gmer.zip
2013-09-26 10:49 - 2013-09-26 10:49 - 00000190 _____ C:\Users\Donna D\Desktop\International Academy of Design & Technology - Tampa.url
2013-09-26 10:32 - 2013-07-07 20:30 - 00000000 ___HD C:\$AVG
2013-09-25 21:24 - 2013-09-25 21:24 - 00196738 _____ C:\Users\Donna D\Downloads\Attachments_2013925.zip
2013-09-25 15:31 - 2013-07-09 16:20 - 00000000 ____D C:\Users\Donna D\Documents\Resume
2013-09-24 22:13 - 2013-09-24 21:59 - 219758814 _____ C:\Users\Donna D\Downloads\Centiva_Material_Images.zip
2013-09-24 21:13 - 2013-09-16 23:50 - 00000000 ____D C:\Users\Donna D\Desktop\Imperial Library
2013-09-24 17:05 - 2013-09-20 19:15 - 00000000 ____D C:\Users\Donna D\AppData\Local\Avg2014
2013-09-24 08:08 - 2013-09-24 08:08 - 00003087 _____ C:\Users\Donna D\Desktop\INTR420 Senior 2 - Shortcut.lnk
2013-09-23 21:15 - 2013-07-07 20:14 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\Adobe
2013-09-23 20:50 - 2013-07-08 19:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-23 20:50 - 2009-07-13 22:34 - 00000510 _____ C:\Windows\win.ini
2013-09-22 20:24 - 2013-07-15 10:43 - 00000000 ____D C:\Users\Donna D\AppData\Local\CrashDumps
2013-09-22 20:24 - 2013-07-10 12:39 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-20 19:28 - 2013-09-20 19:28 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\AVG2014
2013-09-20 19:26 - 2013-09-20 19:24 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-20 19:26 - 2013-07-07 20:30 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-19 19:28 - 2013-07-15 10:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:28 - 2013-07-15 10:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 19:28 - 2013-07-15 10:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 13:57 - 2013-07-09 16:18 - 00000000 ____D C:\Users\Donna D\Documents\Internship
2013-09-18 14:30 - 2013-09-16 18:53 - 00000000 ____D C:\Users\Donna D\Desktop\IADT Student Services
2013-09-18 09:20 - 2013-09-18 09:20 - 00000000 ____D C:\Users\Donna D\Documents\Asus WebStorage
2013-09-18 09:19 - 2013-09-17 00:07 - 00001771 _____ C:\Users\Donna D\Desktop\MySyncFolder.lnk
2013-09-17 23:22 - 2013-08-11 12:33 - 00512000 _____ C:\Users\Donna D\Downloads\fireplace_10905.0002.rfa
2013-09-16 19:41 - 2013-09-16 19:41 - 00000000 __SHD C:\aws
2013-09-16 19:41 - 2013-09-16 19:41 - 00000000 ____D C:\ASUS WebStorage
2013-09-16 18:59 - 2013-07-18 11:07 - 00000000 ____D C:\Users\Donna D\Documents\zSTUFF FROM IADT FLASH DRIVE - NEED TO ORGANIZE
2013-09-16 18:52 - 2013-07-20 14:38 - 00000000 ____D C:\Users\Donna D\Documents\My Photos
2013-09-16 18:51 - 2013-07-09 16:20 - 00000000 ____D C:\Users\Donna D\Documents\Tax Returns
2013-09-16 18:50 - 2013-09-16 18:50 - 00001833 _____ C:\Users\Donna D\Documents\Donna School - Shortcut.lnk
2013-09-13 21:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 13:28 - 2013-07-07 19:14 - 00000000 ___RD C:\Users\Donna D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 13:28 - 2013-07-07 19:14 - 00000000 ___RD C:\Users\Donna D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 08:25 - 2013-07-10 13:47 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 08:22 - 2013-07-08 21:33 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 18:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-11 21:28 - 2013-09-11 20:36 - 00010254 _____ C:\Users\Donna D\Downloads\INTR 490 job data base.xlsb
2013-09-11 20:29 - 2013-07-09 16:18 - 00000000 ____D C:\Users\Donna D\Documents\Bankruptcy
2013-09-10 08:40 - 2013-09-10 08:40 - 00031744 ____H C:\Users\Donna D\Downloads\~WRL0005.tmp
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-08 18:42 - 2013-09-08 18:42 - 01199681 _____ C:\Users\Donna D\Downloads\DinnerSet.skp
2013-09-08 18:38 - 2013-09-08 18:38 - 00310529 _____ C:\Users\Donna D\Downloads\Untitled.skp
2013-09-08 18:34 - 2013-09-08 18:34 - 00157360 _____ C:\Users\Donna D\Downloads\quad shelf.skp
2013-09-08 18:33 - 2013-09-08 18:33 - 00181434 _____ C:\Users\Donna D\Downloads\Shelves-Tetris.skp
2013-09-08 16:36 - 2013-09-08 16:36 - 00003120 _____ C:\Windows\SysWOW64\ALLFSAF13a.ocx
2013-09-08 16:35 - 2013-09-08 16:35 - 00000000 ____D C:\ProgramData\SketchUp
2013-09-08 16:35 - 2013-09-08 16:35 - 00000000 ____D C:\Program Files (x86)\SketchUp
2013-09-07 20:57 - 2013-09-07 20:57 - 00000000 ____D C:\Users\Donna D\AppData\Roaming\Roxio Log Files
2013-09-06 21:41 - 2013-09-06 21:41 - 00000000 ____D C:\Users\Donna D\Documents\OneNote Notebooks
2013-09-06 21:41 - 2013-08-20 20:13 - 00000000 ____D C:\Users\Donna D\AppData\Local\Windows Live
2013-09-04 22:32 - 2013-07-10 11:43 - 00000000 ____D C:\Users\Donna D\Documents\Scholarship folder

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 15:28

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Donna D at 2013-10-03 23:14:14
Running from C:\Users\Donna D\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Acrobat XI Pro (x32 Version: 11.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.00)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Creative Cloud (x32 Version: 2.1.2.232)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Digital Editions 2.0 (x32 Version: 2.0.1)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe® Content Viewer (x32 Version: 3.3.0)
Akamai NetSession Interface (HKCU)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS Fan Filter Checker (x32 Version: 1.0.0001)
ASUS LifeFrame3 (x32 Version: 3.0.29)
ASUS Live Update (x32 Version: 3.1.7)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0040)
ASUS USB Charger Plus (x32 Version: 2.0.9)
ASUS Virtual Camera (x32 Version: 1.0.25)
ASUS WebStorage (x32 Version: 3.0.143.296)
AsusScr_G75 Series_ENG (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.9.157)
Atheros Bluetooth Suite (64) (Version: 7.4.0.115)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.8.8)
Atheros Driver Installation Program (x32 Version: 9.2)
ATK Package (x32 Version: 1.0.0016)
AutoCAD 2013 - English (Version: 19.0.204.0)
AutoCAD 2013 - English (Version: 19.0.55.0)
AutoCAD 2013 - English SP2 (Version: 1)
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0)
Autodesk Content Service (x32 Version: 3.0.84.0)
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Medium Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Revit 2013 (Version: 12.02.21203)
Autodesk Sync (Version: 3.5.102.0)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
AVG SafeGuard toolbar (x32 Version: 17.0.1.12)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Media Suite (x32 Version: 8.0.2926)
CyberLink Power2Go (x32 Version: 7.0.0.1126)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FARO LS 1.1.408.2 (x32 Version: 4.8.2.25521)
FARO LS 4.8.2.25521 (x32)
Galeria de Fotografias (x32 Version: 16.4.3508.0205)
Galería de fotos (x32 Version: 16.4.3508.0205)
Galerie de photos (x32 Version: 16.4.3508.0205)
GameFast (Version: 1.0.1.1)
Guild Wars 2 (x32)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 4.0.1.001)
HTC Sync (x32 Version: 3.3.21)
InstantOn for NB (x32 Version: 2.2.0)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel® Management Engine Components (x32 Version: 8.0.3.1427)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
IPTInstaller (x32 Version: 4.0.8)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NVIDIA 3D Vision Driver 311.44 (Version: 311.44)
NVIDIA Control Panel 311.44 (Version: 311.44)
NVIDIA Graphics Driver 311.44 (Version: 311.44)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (x32 Version: 9.11.1111)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1144)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
PDF Settings CS6 (x32 Version: 11.0)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Platform (x32 Version: 1.39)
Revit 2013 Language Pack - English (Version: 12.02.21203)
Rotation Desktop for G Series (Version: 1.1.3.2)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
SketchUp 2013 (x32 Version: 13.0.4812)
Skype™ 6.7 (x32 Version: 6.7.102)
Synaptics Pointing Device Driver (Version: 15.3.43.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
VIA Platform Device Manager (x32 Version: 1.39)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (x32 Version: 9.0.30729.177)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Live (x32 Version: 16.4.3508.0205)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Live 程式集 (x32 Version: 16.4.3508.0205)
Windows Live 软件包 (x32 Version: 16.4.3508.0205)
WinFlash (x32 Version: 2.41.0)
Wireless Console 3 (x32 Version: 3.0.27)
影像中心 (x32 Version: 16.4.3508.0205)
照片库 (x32 Version: 16.4.3508.0205)

==================== Restore Points  =========================

29-09-2013 02:06:47 Scheduled Checkpoint
30-09-2013 12:23:13 Removed AVG PC TuneUp 2014
30-09-2013 12:24:23 Removed AVG PC TuneUp 2014 (en-US)

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05DF8672-4D04-4CA5-830C-9AD7D9C81E56} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-03-09] (ASUSTek Computer Inc.)
Task: {0D91446C-BB05-451C-9436-81BD176CF647} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {1352E2BB-78E1-435F-967D-F39622617F6B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {218B004D-7B53-4652-A7BB-9F830EC2CAFA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001UA => C:\Users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21] (Facebook Inc.)
Task: {4AE8E49B-5EB1-4844-A239-4583FB17EC55} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {5193E725-85A9-4983-8227-293DEBF6F122} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {51EDE1F9-2286-47B6-B90D-11B36D840149} - System32\Tasks\AdobeAAMUpdater-1.0-DonnaD-PC-Donna D => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {5434FB91-CAA1-43B6-ADB3-A39429D8145C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {5F0DB65C-7B1A-4C25-8987-41D87397B695} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] ()
Task: {7A32A657-8CF7-488C-9DE7-626EB52EC064} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {7B537571-45B6-4433-86A0-1933A4B8C265} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {8E79D88A-D614-4A50-97CB-44F9AE69DE64} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {BA727FAC-08E1-4C32-AC19-5DBCEEF89F5E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001Core => C:\Users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21] (Facebook Inc.)
Task: {BC1E8726-3554-43F2-B77C-07FBDA55CCF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {FDBA7924-ABD5-4B47-9FFC-34BFB75B8414} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001Core.job => C:\Users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001UA.job => C:\Users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-07 20:17 - 2012-03-30 08:01 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-07 20:17 - 2012-03-30 08:01 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-10-01 13:33 - 2013-10-01 13:33 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00292272 _____ () C:\Users\Donna D\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 21014960 _____ () C:\Users\Donna D\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00179632 _____ () C:\Users\Donna D\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2012-01-31 12:25 - 2012-01-31 12:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-06 22:32 - 2012-02-06 22:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-10-01 13:33 - 2013-10-01 13:33 - 00142360 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00028672 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-12-12 15:56 - 2012-12-12 15:56 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2011-09-05 03:19 - 2011-09-05 03:19 - 00028672 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll
2013-09-03 15:25 - 2013-09-03 15:25 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-08-30 10:00 - 2013-08-30 10:00 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2013-07-07 20:16 - 2012-02-21 15:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2013 08:24:11 AM) (Source: Microsoft-Windows-RestartManager) (User: DonnaD-PC)
Description: Application or service 'Windows Explorer' could not be shut down.

Error: (09/28/2013 01:24:07 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10f8

Start Time: 01cebc60d20344f0

Termination Time: 50

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: bfa65373-2862-11e3-9cea-94dbc9b64b2e

Error: (09/28/2013 11:05:00 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b7c

Start Time: 01cebc4d5c3403a7

Termination Time: 57

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/23/2013 02:58:24 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f40

Start Time: 01ceb85a38fa4dbc

Termination Time: 65

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 14d6bbd0-2482-11e3-adcb-94dbc9b64b2e

Error: (09/23/2013 08:41:12 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20e4

Start Time: 01ceb85769a52eb4

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/23/2013 08:21:21 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2130

Start Time: 01ceb8551459ecb5

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/23/2013 08:04:39 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d7c

Start Time: 01ceb852dc7e0263

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/23/2013 07:47:13 AM) (Source: Google Update) (User: DonnaD-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (09/22/2013 08:23:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: Revit.exe, version: 2013.0.2012.221, time stamp: 0x4f445896
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xc000041d
Fault offset: 0x000000000000940d
Faulting process id: 0x2164
Faulting application start time: 0xRevit.exe0
Faulting application path: Revit.exe1
Faulting module path: Revit.exe2
Report Id: Revit.exe3

Error: (09/22/2013 08:23:43 PM) (Source: .NET Runtime) (User: DonnaD-PC)
Description: .NET Runtime version 4.0.30319.1008 - Loading profiler failed.  COR_PROFILER is set to an invalid CLSID: 'Revit.BorderSentinel'.  HRESULT: 0x800401f3.  Process ID (decimal): 8548.  Message ID: [0x2502].

System errors:
=============
Error: (10/03/2013 10:06:55 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/03/2013 10:06:55 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/03/2013 04:35:07 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (10/03/2013 01:05:57 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (10/03/2013 07:55:35 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/03/2013 07:55:35 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/02/2013 05:45:28 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/02/2013 05:45:28 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/02/2013 00:26:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/02/2013 00:26:09 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Microsoft Office Sessions:
=========================
Error: (09/30/2013 08:24:11 AM) (Source: Microsoft-Windows-RestartManager)(User: DonnaD-PC)
Description: 1C:\Windows\explorer.exeWindows Explorer0411718720

Error: (09/28/2013 01:24:07 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1668610f801cebc60d20344f050C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEbfa65373-2862-11e3-9cea-94dbc9b64b2e

Error: (09/28/2013 11:05:00 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.166861b7c01cebc4d5c3403a757C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/23/2013 02:58:24 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.166861f4001ceb85a38fa4dbc65C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE14d6bbd0-2482-11e3-adcb-94dbc9b64b2e

Error: (09/23/2013 08:41:12 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1668620e401ceb85769a52eb40C:\Program Files\Internet Explorer\iexplore.exe

Error: (09/23/2013 08:21:21 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16686213001ceb8551459ecb50C:\Program Files\Internet Explorer\iexplore.exe

Error: (09/23/2013 08:04:39 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.166861d7c01ceb852dc7e02630C:\Program Files\Internet Explorer\iexplore.exe

Error: (09/23/2013 07:47:13 AM) (Source: Google Update)(User: DonnaD-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (09/22/2013 08:23:59 PM) (Source: Application Error)(User: )
Description: Revit.exe2013.0.2012.2214f445896KERNELBASE.dll6.1.7601.1822951fb1677c000041d000000000000940d216401ceb7f322d797c1C:\Program Files\Autodesk\Revit 2013\Program\Revit.exeC:\Windows\system32\KERNELBASE.dll702126cf-23e6-11e3-adcb-94dbc9b64b2e

Error: (09/22/2013 08:23:43 PM) (Source: .NET Runtime)(User: DonnaD-PC)
Description: .NET Runtime version 4.0.30319.1008 - Loading profiler failed.  COR_PROFILER is set to an invalid CLSID: 'Revit.BorderSentinel'.  HRESULT: 0x800401f3.  Process ID (decimal): 8548.  Message ID: [0x2502].

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 12247.92 MB
Available physical RAM: 8945.54 MB
Total Pagefile: 24494.02 MB
Available Pagefile: 20650.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:254.13 GB) (Free:136.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:419.18 GB) (Free:369.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: FE50551B)

Partition: GPT Partition Type
==================== End Of Log ============================

 



#7 bloopie

  • Malware Response Team

Posted 04 October 2013 - 11:55 AM

Hello again,
 
There's not much in the way of malware showing in your logs, but let's look a bit further:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
  • Close any open browsers or any other programs that are open.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

bloopie

#8 dddali33

  • Topic Starter


Posted 04 October 2013 - 05:15 PM

Good evening Bloopie, I did as instructed and ran combofix. The log is below:

 

ComboFix 13-10-04.02 - Donna D 10/04/2013  17:20:33.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12248.9761 [GMT -4:00]
Running from: c:\users\Donna D\Downloads\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-04 to 2013-10-04  )))))))))))))))))))))))))))))))
.
.
2013-10-04 21:28 . 2013-10-04 21:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-04 21:28 . 2013-10-04 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-04 03:12 . 2013-10-04 03:12 -------- d-----w- C:\FRST
2013-10-02 23:52 . 2013-10-02 23:52 -------- d-----w- c:\users\Donna D\AppData\Roaming\PDAppFlex
2013-09-28 20:38 . 2013-09-28 20:38 -------- d-----w- c:\users\Donna D\AppData\Roaming\SketchUp
2013-09-28 01:01 . 2013-09-28 01:01 -------- d-----w- c:\users\Donna D\AppData\Roaming\AVG
2013-09-28 01:00 . 2013-09-28 01:01 -------- d-----w- c:\programdata\AVG
2013-09-28 01:00 . 2013-09-28 01:03 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-20 23:15 . 2013-09-24 21:05 -------- d-----w- c:\users\Donna D\AppData\Local\Avg2014
2013-09-16 23:41 . 2013-09-16 23:41 -------- d-----w- C:\aws
2013-09-16 23:41 . 2013-09-16 23:41 -------- d-----w- C:\ASUS WebStorage
2013-09-12 20:02 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 20:02 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-08 20:35 . 2013-09-08 20:35 -------- d-----w- c:\programdata\SketchUp
2013-09-08 20:35 . 2013-09-08 20:35 -------- d-----w- c:\program files (x86)\SketchUp
2013-09-08 00:57 . 2013-09-08 00:57 -------- d-----w- c:\users\Donna D\AppData\Roaming\Roxio Log Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 20:57 . 2013-07-07 23:16 380 ----a-w- c:\users\Donna D\AppData\Roaming\sp_data.sys
2013-10-01 17:33 . 2013-07-08 00:31 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-09-19 23:28 . 2013-07-15 14:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 23:28 . 2013-07-15 14:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 12:22 . 2013-07-09 01:33 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-21 00:18 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-06 14:37 . 2013-08-06 14:37 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2013-08-02 01:48 . 2013-09-12 20:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-25 09:25 . 2013-08-14 12:15 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 12:15 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 12:16 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 12:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 12:21 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 12:15 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 12:21 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 12:21 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 12:21 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 12:15 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 12:21 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 12:21 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 12:21 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 12:21 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-09 02:11 . 2013-07-09 02:11 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-09 02:11 . 2013-07-09 02:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-09 02:11 . 2013-07-09 02:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-09 02:11 . 2013-07-09 02:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-09 02:11 . 2013-07-09 02:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-09 02:11 . 2013-07-09 02:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-09 02:11 . 2013-07-09 02:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-09 02:11 . 2013-07-09 02:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-09 02:11 . 2013-07-09 02:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-09 02:11 . 2013-07-09 02:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-09 02:11 . 2013-07-09 02:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-09 02:11 . 2013-07-09 02:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-09 02:11 . 2013-07-09 02:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-09 02:11 . 2013-07-09 02:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-09 02:11 . 2013-07-09 02:11 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-09 02:11 . 2013-07-09 02:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-09 02:11 . 2013-07-09 02:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-09 02:11 . 2013-07-09 02:11 441856 ----a-w- c:\windows\system32\html.iec
2013-07-09 02:11 . 2013-07-09 02:11 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-09 02:11 . 2013-07-09 02:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-09 02:11 . 2013-07-09 02:11 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-09 02:11 . 2013-07-09 02:11 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-09 02:11 . 2013-07-09 02:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-09 02:11 . 2013-07-09 02:11 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-09 02:11 . 2013-07-09 02:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-09 02:11 . 2013-07-09 02:11 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-09 02:11 . 2013-07-09 02:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-09 02:11 . 2013-07-09 02:11 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-09 02:11 . 2013-07-09 02:11 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-09 02:11 . 2013-07-09 02:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-09 02:11 . 2013-07-09 02:11 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-09 02:11 . 2013-07-09 02:11 235008 ----a-w- c:\windows\system32\url.dll
2013-07-09 02:11 . 2013-07-09 02:11 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-09 02:11 . 2013-07-09 02:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-09 02:11 . 2013-07-09 02:11 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-09 02:11 . 2013-07-09 02:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-09 02:11 . 2013-07-09 02:11 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-09 02:10 . 2013-07-09 02:10 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-09 02:10 . 2013-07-09 02:10 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-09 02:10 . 2013-07-09 02:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-09 02:10 . 2013-07-09 02:10 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-09 02:10 . 2013-07-09 02:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-09 02:10 . 2013-07-09 02:10 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-09 02:10 . 2013-07-09 02:10 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-09 02:10 . 2013-07-09 02:10 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-09 02:10 . 2013-07-09 02:10 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-09 02:10 . 2013-07-09 02:10 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-09 02:10 . 2013-07-09 02:10 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-09 02:10 . 2013-07-09 02:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-09 02:05 . 2013-07-09 02:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-09 02:05 . 2013-07-09 02:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-09 02:05 . 2013-07-09 02:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-09 02:05 . 2013-07-09 02:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-09 02:05 . 2013-07-09 02:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-10-01 17:33 3353624 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll" [2013-10-01 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-21 00:16 220632 ----a-w- c:\users\Donna D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-21 00:16 220632 ----a-w- c:\users\Donna D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-21 00:16 220632 ----a-w- c:\users\Donna D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Donna D\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Facebook Update"="c:\users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-21 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-03-30 5138032]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2013-07-08 3058304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-10-01 2404376]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-12-12 655360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe" [2012-08-03 740736]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-09-03 2237328]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
.
c:\users\Donna D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Donna D\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="d:\todays ps6\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 23:28]
.
2013-10-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001Core.job
- c:\users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21 14:45]
.
2013-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-537090867-3198969609-3560918095-1001UA.job
- c:\users\Donna D\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-21 14:45]
.
2013-10-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-10-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-08-30 14:01 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-08-30 14:01 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-08-30 14:01 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-21 00:16 244696 ----a-w- c:\users\Donna D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-21 00:16 244696 ----a-w- c:\users\Donna D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-21 00:16 244696 ----a-w- c:\users\Donna D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-08-03 09:39 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-03-28 373248]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-07-25 418280]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-04  18:03:25
ComboFix-quarantined-files.txt  2013-10-04 22:03
.
Pre-Run: 149,659,222,016 bytes free
Post-Run: 149,677,154,304 bytes free
.
- - End Of File - - 726F02D44D389795BA2987EA3DBB662F
 



#9 dddali33

Posted 04 October 2013 - 05:18 PM

I want to confess that I did click combofix after fix#50 as it wasn't doing anything......hope that didn't adversely affect it....?



#10 bloopie

Posted 04 October 2013 - 05:40 PM

Hello again,

No, Combofix ran fine. :)

What are the current issues you are experiencing with the machine?

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Full Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

==========

After posting the MBAM log, please let me know how the computer is running now, and are you still getting the detections from AVG as stated in your first post?

bloopie



#11 dddali33

Posted 05 October 2013 - 08:24 AM

Good morning! :hello:

 

The computer is slow - seems slower than normal, internet frequently displays "page unable to load- you're not connected to internet" msgs. When I select something with the mouse it doesn't always take the 1st click (if that makes sense?) Maybe it's psychological as I still see the 16 threats in AVG, I'm just really concerned, it's a pretty new laptop for me, and I'm in my final term at school with a HUGE project that I will be devastated to lose - it is backed up of course, but still DL'ing Autodesk programs can be a lonnnnng process sometimes!

 

Eeeeek I do have a free version of malwarebytes installed, I checked the "turn off virus protection" instructions and it said only the paid version could be turned off (?) - yikes does this make a difference?

I have the version with the blue piece of pie looking icon - do you know which one I'm referring to? Also note that this version I'm running has not to date detected any of the hooks that AVG claims are there. Can I upload/insert jpegs here?

 

Ok, so *deep breath* should I still DL malwarebytes above as you have instructed?



#12 bloopie

Posted 05 October 2013 - 11:13 AM

Good morni.....ah...good afternoon rather! :lol:

 

Eeeeek I do have a free version of malwarebytes installed, I checked the "turn off virus protection" instructions and it said only the paid version could be turned off (?) - yikes does this make a difference?

I have the version with the blue piece of pie looking icon - do you know which one I'm referring to?

The version you have installed is fine, I just missed it in your installed programs list. No need to download a new copy, just click the "Updates" tab in MBAM, search for and install any new updates, then run the scan I instructed in my last post.

 

Let me know how things are afterwards! :)

 

bloopie



#13 dddali33

Posted 06 October 2013 - 01:58 PM

Hi! OK performing scan w/ MWB - thx



#14 bloopie

Posted 06 October 2013 - 02:13 PM

My pleasure! :)

 

Please post me the resultant log when finished!

 

bloopie



#15 dddali33

Posted 06 October 2013 - 02:50 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Donna D :: DONNAD-PC [administrator]

10/6/2013 2:57:08 PM
mbam-log-2013-10-06 (14-57-08).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466956
Time elapsed: 52 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
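
A helper reviewing posted logs can check mechanically that an MBAM 1.75 log is complete (the top portion with database version and operating system is present and the `(end)` marker was reached) and tally what each category reports. The Python below is an added example, not part of the thread or of Malwarebytes; `parse_mbam_log` and the sample log, including its single detection line, are constructed for illustration.

```python
import re

# Header fields the helper asks for ("top portion" of the log).
HEADER = {
    "version": re.compile(r"^Malwarebytes Anti-Malware (\d[\d.]*)\s*$", re.M),
    "database": re.compile(r"^Database version: (\S+)\s*$", re.M),
    "os": re.compile(r"^(Windows .+)$", re.M),
    "scan_type": re.compile(r"^Scan type: (.+)$", re.M),
}
SECTION = re.compile(r"^(.+?) Detected: (\d+)\s*$")

def parse_mbam_log(text):
    """Parse an MBAM 1.75-style text log; return fields, sections and problems."""
    report = {k: (m.group(1).strip() if (m := rx.search(text)) else None)
              for k, rx in HEADER.items()}
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:                                   # e.g. "Registry Keys Detected: 1"
            current = m.group(1)
            sections[current] = {"count": int(m.group(2)), "items": []}
        elif line == "(end)":
            current = None
        elif current and line and line != "(No malicious items detected)":
            sections[current]["items"].append(line)
    report["sections"] = sections
    report["total"] = sum(s["count"] for s in sections.values())
    problems = [f"missing header field: {k}" for k in HEADER if report[k] is None]
    if "(end)" not in text:
        problems.append("no (end) marker: log may be truncated")
    problems += [f"{name}: count {s['count']} but {len(s['items'])} item line(s)"
                 for name, s in sections.items() if s["count"] != len(s["items"])]
    report["problems"] = problems
    return report

# Constructed sample in the layout of the log above; the detection is invented.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.10.06.04
Windows 7 Service Pack 1 x64 NTFS
Scan type: Full scan (C:\|D:\|)

Registry Keys Detected: 1
HKCU\Software\ExampleToolbar (PUP.Optional.Example) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
"""
```

A log pasted without its top portion comes back with `missing header field` entries in `problems`, which is the case the helper's instructions warn about.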





