Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

c:\program~2\browse~1\sprote~1.dll


  • Please log in to reply
13 replies to this topic

#1 w2t

w2t

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 31 January 2014 - 10:39 AM

Hi,
 
I just found this great site, and I was wondering if anyone could help me with my problem.
 
A few days ago, my computer froze, so I had to shut it down manually.  When I restarted it, the start screen wouldn't load, so then I had to shut it down again.  When I restarted it the 2nd time, Windows 7 prompted me to use the StartUp repair.  I let it run for 2 hours, nothing happened, so I shut the computer down and restarted it once again. 
 
It did boot up successfully, but when it was loading all the programs, an error message with the name of the program's .exe file says it has a bad imgae, and then states that the file is "either not designed to run on Windows or it contains an error.  Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

 

Attached File  sprote.jpg   33.6KB   0 downloads

 

I get this message every single time I open a program.  (I'm able to open any program, but this message pops up.)

 

I've tried restarting again, but Windows 7 still prompts me to use its StartUp repair, which doesn't fix anything, and I end up overriding it and going straight to the start page, but I still keep getting this error message every time a program starts.

 

I've run my ISP's anti-virus (which is pretty good) and it hasn't found anything.

 

Has anyone any thoughts or experience with this problem?


Edited by hamluis, 31 January 2014 - 11:17 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 31 January 2014 - 11:27 AM

Hi,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

-------------


thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

xXToffeeXx~


Edited by xXToffeeXx, 31 January 2014 - 11:28 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 w2t

w2t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 31 January 2014 - 01:20 PM

Thanks!  I put (myname) instead of where my actual name was for privacy reasons.  Here we go....

 

Adw Cleaner:

 

 

# AdwCleaner v3.018 - Report created 31/01/2014 at 11:44:48
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : (myname) - (myname)-VAIO
# Running from : C:\Users\(myname)\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Browise2save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browise2save
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\HDvidCodec.com
Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\(myname)\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\(myname)\AppData\Local\Smartbar
Folder Deleted : C:\Users\(myname)\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\(myname)\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\(myname)\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\(myname)\AppData\Roaming\Babylon
Folder Deleted : C:\Users\(myname)\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\(myname)\AppData\Roaming\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Users\(myname)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Deleted : C:\Users\(myname)\Documents\optimizer pro
File Deleted : C:\END
File Deleted : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\l3gc46j4.default-1360367395918\bprotector_extensions.sqlite
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\fya00wr3.default-1360427920273\searchplugins\Web Search.xml
File Deleted : C:\Users\(myname)\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKCU\Software\596de8ab03eb940
Key Deleted : HKLM\SOFTWARE\596de8ab03eb940
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\sprote~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\fya00wr3.default-1360427920273\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/?shva%3D1&ss=1&scc=1&ltmpl=default[...]
Line Deleted : user_pref("extensions.51674db3a21b5.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.51674e2f72c23.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ File : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\l3gc46j4.default-1360367395918\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=200c42e10000000000008ca982a96055");
Line Deleted : user_pref("browser.newtabpage.pinned", "[null,{\"url\":\"hxxps://mail.uoguelph.ca/zimbra/\",\"title\":\"Gryph Mail: Inbox (201)\"},{\"url\":\"hxxp://www.cbc.ca/news/\",\"title\":\"CBC News - Latest Ca[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");

[ File : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\oj0z8wg6.default\prefs.js ]

Line Deleted : D:2.1.8.1,2020Player_IKEA%402020Technologies.com:5.0.94.0,%7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145,ffxtlbr%40delta.com:1.5.0,plugin%40yontoo.com:1.20.00,%7B58bd07eb-0ee0-4df0-8121-dc9b6933[...]
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=200c42e10000000000008ca982a96055");
Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=200c42e10000000000008ca982a96055");
Line Deleted : user_pref("browser.newtabpage.pinned", "[null,{\"url\":\"hxxp://www.cbc.ca/news/\",\"title\":\"CBC News - Latest Canada, World, Entertainment and Business News\"},{\"url\":\"hxxp://www.theglobeandmail[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=200c42e10000000000008ca982a96055");
Line Deleted : user_pref("de.soerenrinne.googlebuttons.wholeshebang", "eBookstore,Support,Teach Parents Tech,Plus - Games,Plus - Circles,Plus - Profile,Plus - Photos,Wallet,Offers,Places,Music,Plus,Plus One,Reader -[...]
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=200c42e10000000000008ca982a96055");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "8");
Line Deleted : user_pref("extensions.delta.cntry", "CA");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.hdrMd5", "8368CD25D967D73F6AACE107053FE30E");
Line Deleted : user_pref("extensions.delta.id", "200c42e10000000000008ca982a96055");
Line Deleted : user_pref("extensions.delta.instlDay", "15744");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.10.010:50:51");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "none");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.010:50:51");
Line Deleted : user_pref("extensions.enabledAddons", "azan-times%40hamid.net:1.1.7,DivXWebPlayer%40divx.com:2.0.2.039,%7B5C46D283-ABDE-4dce-B83C-08881401921C%7D:2.1.8.1,2020Player_IKEA%402020Technologies.com:5.0.94.[...]

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\(myname)\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17730 octets] - [31/01/2014 11:32:30]
AdwCleaner[S0].txt - [17267 octets] - [31/01/2014 11:44:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17328 octets] ##########
 

 

 

JRT:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by (myname) on Fri 01/31/2014 at 11:58:21.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1693587206-1150818767-1700103013-1006\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F953501-3735-362B-F126-4E970055E08B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6F953501-3735-362B-F126-4E970055E08B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C535918-EFFC-33B6-2F33-579919907582}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C535918-EFFC-33B6-2F33-579919907582}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\Windows\syswow64\sho1A3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF566.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Users\(myname)\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"



~~~ FireFox

Emptied folder: C:\Users\(myname)\AppData\Roaming\mozilla\firefox\profiles\fya00wr3.default-1360427920273\minidumps [180 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/31/2014 at 12:25:30.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by w2t, 31 January 2014 - 01:26 PM.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 31 January 2014 - 01:29 PM

Hi,

 

Are you still getting that message on startup?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 w2t

w2t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 01 February 2014 - 03:19 PM

Hi,

 

Are you still getting that message on startup?

 

xXToffeeXx~

 

No I'm not, thank you.  However now Firefox automatically opens up to AVG Safe Search whenever I open a new tab.  Is that from Adw Cleaner or JRT?



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 01 February 2014 - 04:25 PM

Hi,
 
No, it is certainly not. Both those tools remove AVG Safe Search, you may have downloaded it by accident perhaps. That, or if you use AVG then it might have come with that.
 
Just re-run AdwCleaner again, and it should deal with it. 
 
Also I would like you to run this scan to see what needs updating:
 
Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

xXToffeeXx~


Edited by xXToffeeXx, 01 February 2014 - 04:25 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 w2t

w2t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 02 February 2014 - 05:35 PM

Hi,
 
No, it is certainly not. Both those tools remove AVG Safe Search, you may have downloaded it by accident perhaps. That, or if you use AVG then it might have come with that.
 
Just re-run AdwCleaner again, and it should deal with it. 
 
Also I would like you to run this scan to see what needs updating:
 
Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

xXToffeeXx~

 

Hi Toffee,

 

I checked in Control Panel and Win7 Search and I do not have AVG installed or any AVG files found.

 

I did run Adw Cleaner again.  When it prompted my laptop to shut down, it wouldn't on its own, so I had to do it manually.  When I restarted it, Windows Start Screen wouldn't load again, so I had to restart the computer once more, and I had to run the startup repair.  After letting it run for an hour (with nothing happening), I restarted the laptop in Safe Mode, then when into the Start menu and had it shut down properly.  I then restarted it again and everything seems fine.

 

Except I still have the AVG safe search page automatically open in a new tab in Firefox, and once I load a web page, the address in the address bar does not remain.

 

Adw Cleaner:

 

 

# AdwCleaner v3.018 - Report created 02/02/2014 at 13:29:25
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : (myname) - (myname)-VAIO
# Running from : C:\Users\(myname)\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\fya00wr3.default-1360427920273\prefs.js ]


[ File : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\l3gc46j4.default-1360367395918\prefs.js ]


[ File : C:\Users\(myname)\AppData\Roaming\Mozilla\Firefox\Profiles\oj0z8wg6.default\prefs.js ]


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\(myname)\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17730 octets] - [31/01/2014 11:32:30]
AdwCleaner[R1].txt - [1255 octets] - [02/02/2014 13:20:50]
AdwCleaner[S0].txt - [17449 octets] - [31/01/2014 11:44:48]
AdwCleaner[S1].txt - [1176 octets] - [02/02/2014 13:29:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1236 octets] ##########
 

 

And I ran the Security Check:

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Rogers Online Protection Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 22  
 Java 7 Update 9  
 Java version out of Date!
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Rogers Online Protection Rogers Online Protection Basic bdagent.exe  
 Rogers Online Protection Rogers Online Protection Basic updatesrv.exe  
 Rogers Online Protection Rogers Online Protection Basic vsserv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

I also just wanted to say that I really appreciate your help thus far!



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 03 February 2014 - 11:43 AM

Hi,

 

Please reset firefox here, and see if that gets rid of the AVG Search.

 

Does it also appear in Chrome?

 

-------------

 

Some of your programs are out-of-date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system:

 

Uninstall all versions of Java using the control panel and then download the latest version here. However, unless you specifically need Java I suggest not bothering to reinstall.

 

Uninstall Adobe Flash Player and Adobe Reader using the control panel and them download the latest version of these programs here and here.

 

-------------

 

How is your computer running now?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 w2t

w2t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 03 February 2014 - 07:10 PM

Hi Toffee,

 

I did as you suggested, as well as install the recommended Windows Updates, and my computer seems to be fine.

 

However, in Firefox, AVG Safe Search still opens automatically in a new tab, and now all links in my browser have a colour-coded check mark next to them (although that may be from my ISPs protection software which was prompting me to install Windows updates).

 

Also I ran the Security Check again:

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Rogers Online Protection Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Rogers Online Protection Rogers Online Protection Basic updatesrv.exe  
 Rogers Online Protection Rogers Online Protection Basic bdagent.exe  
 Rogers Online Protection Rogers Online Protection Basic vsserv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Edited by w2t, 03 February 2014 - 07:13 PM.


#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 04 February 2014 - 11:33 AM

Hi,
 
Is this after the Firefox reset?
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista and 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
:filefind
*AVG* 
:folderfind 
*AVG*
:regfind
AVG
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 w2t

w2t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 07 February 2014 - 10:57 PM

Hi,
 
Is this after the Firefox reset?
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista and 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
:filefind
*AVG* 
:folderfind 
*AVG*
:regfind
AVG
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
xXToffeeXx~

 

Hi Toffee,

 

It was after the first reset.  However Firefox kept freezing on me, even after restarting the computer, so I uninstalled and re-installed the program.  No more AVG safe search.  However many websites' scripts are not working.  And for example, I can't even log into the forums here on Firefox; I'm using Chrome right now.

 

I did run SystemLook regardless just to see what it would find:

 

 

SystemLook 30.07.11 by jpshortstuff

Log created at 22:39 on 07/02/2014 by (myname)
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*AVG* "
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\AVG Secure Search.vir --a---- 18456 bytes [03:19 17/11/2013] [05:56 09/01/2014] 193FBAF3CEC24AC2E41BA0A77109CF86
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\AvgComponents.manifest.vir --a---- 234 bytes [23:15 08/12/2013] [05:56 09/01/2014] 039F9831361865AA4C07B49809485188
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\avgMozXPCOM.js.vir --a---- 61311 bytes [22:35 28/09/2013] [05:56 09/01/2014] 0B2DE9003B3AFC18CBFAF17C477683C8
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\crash.avgdx.vir --a---- 2176 bytes [23:15 08/12/2013] [05:56 09/01/2014] 7D08E1CA1FB379128390C3F7DDBB65DC
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\14.0.0.12\AVG Secure Search_toolbar.dll.vir --a---- 1883976 bytes [22:34 03/02/2013] [22:33 03/02/2013] A06B401AF69BE6FED4463A8985316044
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll.vir --a---- 1920688 bytes [03:29 11/02/2013] [03:29 11/02/2013] 1AB87C7D4A14AA1A1D8AE9051FB19BE2
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll.vir --a---- 1929392 bytes [15:02 18/02/2013] [15:02 18/02/2013] 612A05F057928A73276029A6C2DDC414
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll.vir --a---- 1991344 bytes [17:06 20/05/2013] [17:06 20/05/2013] 5EFB4A0B6F794DA7380859F56E16CF8D
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll.vir --a---- 3055280 bytes [06:27 27/06/2013] [06:26 27/06/2013] 125C5FE0306AF63ECC8A5BE4C74B732C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll.vir --a---- 3086512 bytes [09:01 30/07/2013] [04:49 30/07/2013] 3CD5F21D4FD78839B58076A44BD3A264
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll.vir --a---- 3122864 bytes [09:40 15/08/2013] [09:40 15/08/2013] 659C2301EF2B66E5C8F12DA758E9049F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\17.0.0.9\AVG Secure Search_toolbar.dll.vir --a---- 3353624 bytes [22:35 28/09/2013] [22:35 28/09/2013] 506AF8E04B50A725B7F0373FF855CE6D
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll.vir --a---- 3353624 bytes [06:32 02/10/2013] [06:32 02/10/2013] AA806DC28AB82B49B65C31ADCC3E7FBA
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll.vir --a---- 3353624 bytes [13:17 11/11/2013] [03:19 17/11/2013] FF51726D743F17A7D15AEA1937482A36
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll.vir --a---- 3333144 bytes [23:15 08/12/2013] [23:15 08/12/2013] BD21B67825C5BB6D4F166610723C8D64
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll.vir --a---- 3349528 bytes [05:56 09/01/2014] [05:56 09/01/2014] AA5FC64706FBA1A63416F4AB371D8875
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png.vir --a---- 3568 bytes [23:15 08/12/2013] [05:56 09/01/2014] 438B86EC7A9ADCAC4E5DCADFE13212E7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.0.1\avgdttbx.dll.vir --a---- 568648 bytes [22:34 03/02/2013] [22:33 03/02/2013] AEC57F3E95C5620C0740E76579489F5F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.1.7\avgdttbx.dll.vir --a---- 568496 bytes [03:30 11/02/2013] [03:29 11/02/2013] 7FA4620D653F5C123DD16843464B3DC0
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\14.2.0\avgdttbx.dll.vir --a---- 568496 bytes [15:02 18/02/2013] [15:02 18/02/2013] 59C5A91F4A27B81CB0AE7BF5D0543FBA
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.2.0\avgdttbx.dll.vir --a---- 569520 bytes [17:06 20/05/2013] [17:06 20/05/2013] 5F1EC52CED30D4A44369430ADF1B7C6F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.3.0\avgdttbx.dll.vir --a---- 569520 bytes [06:27 27/06/2013] [06:26 27/06/2013] 01B9C1A2037FB4CAB8D6E4ACDB888497
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.4.0\avgdttbx.dll.vir --a---- 569520 bytes [09:01 30/07/2013] [04:49 30/07/2013] 0CFCF5240040CC4B87D0DE641B2D931D
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.5.0\avgdttbx.dll.vir --a---- 569520 bytes [09:40 15/08/2013] [09:40 15/08/2013] 37019F19796835232088232341CDB365
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.1\avgdttbx.dll.vir --a---- 567320 bytes [22:35 28/09/2013] [22:35 28/09/2013] 39A4E94E18A5D44406FED9A5386C74F5
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll.vir --a---- 567320 bytes [06:32 02/10/2013] [06:32 02/10/2013] 3841620F7B53DAC3CA0DD06650180E2C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.1.2\avgdttbx.dll.vir --a---- 567320 bytes [13:17 11/11/2013] [13:17 11/11/2013] 962A193FE1239CCE27DB9B04B4AB4915
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.2.0\avgdttbx.dll.vir --a---- 567320 bytes [23:15 08/12/2013] [23:15 08/12/2013] 03BEEC10DDF993E18AA4A973251209FC
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.3.0\avgdttbx.dll.vir --a---- 567320 bytes [05:56 09/01/2014] [05:56 09/01/2014] DFBB8493D14CCDB77DC16EE6AE9B3934
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.0.1\AVGRewardsWorker.dll.vir --a---- 562504 bytes [22:34 03/02/2013] [22:33 03/02/2013] 9469EED33BA14427DA899C3F8B98F0EC
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.1.7\AVGRewardsWorker.dll.vir --a---- 562352 bytes [03:30 11/02/2013] [03:29 11/02/2013] FB12BE10CF35A6E947987D8CE1DC675B
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\14.2.0\AVGRewardsWorker.dll.vir --a---- 562352 bytes [15:02 18/02/2013] [15:02 18/02/2013] 1A9E34E8F874AE72FAB0C7DAD086D4DB
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.cfg.vir --a---- 437 bytes [17:06 20/05/2013] [17:06 20/05/2013] 6AE28AF476CC595EF0EF4854C4A5E457
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.dll.vir --a---- 578224 bytes [17:06 20/05/2013] [17:06 20/05/2013] 5D1D0C48235F829125D904DC95FA6722
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\AVGRewardsWorker.cfg.vir --a---- 475 bytes [06:27 27/06/2013] [06:26 27/06/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0\AVGRewardsWorker.dll.vir --a---- 581808 bytes [06:27 27/06/2013] [06:26 27/06/2013] 60F6C1DE4D20235290E26FF70D0AF394
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\AVGRewardsWorker.cfg.vir --a---- 475 bytes [09:01 30/07/2013] [04:49 30/07/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.4.0\AVGRewardsWorker.dll.vir --a---- 581808 bytes [09:01 30/07/2013] [04:49 30/07/2013] 6C42321020288F6060007B6A846F3F6C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\AVGRewardsWorker.cfg.vir --a---- 475 bytes [09:40 15/08/2013] [09:40 15/08/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.5.0\AVGRewardsWorker.dll.vir --a---- 581808 bytes [09:40 15/08/2013] [09:40 15/08/2013] E08C1B0E3C547009DC99D1208EC6CF8E
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\AVGRewardsWorker.cfg.vir --a---- 475 bytes [22:35 28/09/2013] [22:35 28/09/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.1\AVGRewardsWorker.dll.vir --a---- 579608 bytes [22:35 28/09/2013] [22:35 28/09/2013] 2DD303A75EE1DCE83FE4706CC96C71BF
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.cfg.vir --a---- 475 bytes [06:32 02/10/2013] [06:32 02/10/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12\AVGRewardsWorker.dll.vir --a---- 579608 bytes [06:32 02/10/2013] [06:32 02/10/2013] F57A68AF53302E9A8189F939C9E9B3B6
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.cfg.vir --a---- 475 bytes [13:17 11/11/2013] [13:16 11/11/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll.vir --a---- 579608 bytes [13:17 11/11/2013] [13:17 11/11/2013] FAD63699F968A6E476F660F26247D619
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml.vir --a---- 3714 bytes [03:41 17/11/2013] [17:06 20/05/2013] EF581D7D6C1FCB38A1DDD8A5D335CA20
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\CrashReport\crash.avgdx.vir --a---- 2176 bytes [23:15 08/12/2013] [23:15 08/12/2013] 7D08E1CA1FB379128390C3F7DDBB65DC
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.0.0.12\components\avg-dnt-policy.js.vir --a---- 20191 bytes [22:34 03/02/2013] [22:33 03/02/2013] C65361515C5EB70C5B692B801A31793A
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.0.0.12\modules\avg-dnt-adapter.js.vir --a---- 4169 bytes [22:34 03/02/2013] [22:33 03/02/2013] 00EDF0F2F7146D73E214AFBF330B37E6
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.0.0.12\modules\avgJsm.js.vir --a---- 2567 bytes [22:34 03/02/2013] [22:33 03/02/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10\components\avg-dnt-policy.js.vir --a---- 20516 bytes [03:30 11/02/2013] [03:29 11/02/2013] 33331694D7E3C174FF846FA96041F72A
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [03:30 11/02/2013] [03:29 11/02/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avgJsm.js.vir --a---- 2567 bytes [03:30 11/02/2013] [03:29 11/02/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1\components\avg-dnt-policy.js.vir --a---- 20618 bytes [15:02 18/02/2013] [15:02 18/02/2013] FA94F570056491E7C6DFFDE860691E17
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [15:02 18/02/2013] [15:02 18/02/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avgJsm.js.vir --a---- 2567 bytes [15:02 18/02/2013] [15:02 18/02/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\components\avg-dnt-policy.js.vir --a---- 20594 bytes [17:06 20/05/2013] [17:06 20/05/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [17:06 20/05/2013] [17:06 20/05/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\avgJsm.js.vir --a---- 2567 bytes [17:06 20/05/2013] [17:06 20/05/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11\components\avg-dnt-policy.js.vir --a---- 20594 bytes [06:27 27/06/2013] [06:26 27/06/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [06:27 27/06/2013] [06:26 27/06/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11\modules\avgJsm.js.vir --a---- 2591 bytes [06:27 27/06/2013] [06:26 27/06/2013] 8A996232DD8FCB9D7F01C99F3CE0110B
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\components\avg-dnt-policy.js.vir --a---- 20594 bytes [09:01 30/07/2013] [04:49 30/07/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [09:01 30/07/2013] [04:49 30/07/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\avgJsm.js.vir --a---- 2591 bytes [09:01 30/07/2013] [04:49 30/07/2013] 8A996232DD8FCB9D7F01C99F3CE0110B
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\components\avg-dnt-policy.js.vir --a---- 20594 bytes [09:40 15/08/2013] [09:40 15/08/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [09:40 15/08/2013] [09:40 15/08/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\avgJsm.js.vir --a---- 2591 bytes [09:40 15/08/2013] [09:40 15/08/2013] 8A996232DD8FCB9D7F01C99F3CE0110B
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\components\avg-dnt-policy.js.vir --a---- 20594 bytes [22:35 28/09/2013] [22:35 28/09/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [22:35 28/09/2013] [22:35 28/09/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\avgJsm.js.vir --a---- 2688 bytes [22:35 28/09/2013] [22:35 28/09/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\components\avg-dnt-policy.js.vir --a---- 20594 bytes [06:32 02/10/2013] [06:32 02/10/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [06:32 02/10/2013] [06:32 02/10/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\avgJsm.js.vir --a---- 2688 bytes [06:32 02/10/2013] [06:32 02/10/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\chrome\avg.jar.vir --a---- 99059 bytes [03:19 17/11/2013] [03:19 17/11/2013] 551582FFCC250F836E6BB62E75E037AB
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\components\avg-dnt-policy.js.vir --a---- 20594 bytes [13:17 11/11/2013] [03:19 17/11/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [13:17 11/11/2013] [03:19 17/11/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg.xml.vir --a---- 3627 bytes [03:19 17/11/2013] [03:19 17/11/2013] F0D6D3BC80A731F30D89517915413178
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg.xul.vir --a---- 13985 bytes [03:19 17/11/2013] [03:19 17/11/2013] DAAE45001FB100B7C77716F0F471961F
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avgJsm.js.vir --a---- 2688 bytes [13:17 11/11/2013] [03:19 17/11/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\chrome\avg.jar.vir --a---- 76308 bytes [23:15 08/12/2013] [23:14 08/12/2013] F687A014053798B31B1C2EAEECD2634E
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\components\avg-dnt-policy.js.vir --a---- 19980 bytes [23:15 08/12/2013] [23:14 08/12/2013] 4B22C1D429EADC299207C2CA2B5EB1C8
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [23:15 08/12/2013] [23:14 08/12/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avg.xml.vir --a---- 3619 bytes [23:15 08/12/2013] [23:14 08/12/2013] A67769650ADB5EE2B84F16C1E504E032
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avg.xul.vir --a---- 13800 bytes [23:15 08/12/2013] [23:15 08/12/2013] 2214A6EA98EF7586745AD2225E723176
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avgJsm.js.vir --a---- 3625 bytes [23:15 08/12/2013] [23:14 08/12/2013] A686B2F9C2687DDFBD7C9B5B287AF8A7
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\chrome\avg.jar.vir --a---- 76541 bytes [05:56 09/01/2014] [05:56 09/01/2014] A4B6C7D2633CFE5DF6675E30AEC86D5B
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\components\avg-dnt-policy.js.vir --a---- 19968 bytes [05:56 09/01/2014] [05:56 09/01/2014] 32979A37576EA889CEF937FC357707E4
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avg-dnt-adapter.js.vir --a---- 4186 bytes [05:56 09/01/2014] [05:56 09/01/2014] 0F144F2C1F29AD1624681292E8762C4D
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avg.xml.vir --a---- 3619 bytes [05:56 09/01/2014] [05:56 09/01/2014] A67769650ADB5EE2B84F16C1E504E032
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avg.xul.vir --a---- 13800 bytes [05:56 09/01/2014] [05:56 09/01/2014] 2214A6EA98EF7586745AD2225E723176
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avgJsm.js.vir --a---- 3625 bytes [05:56 09/01/2014] [05:56 09/01/2014] A686B2F9C2687DDFBD7C9B5B287AF8A7
C:\Program Files\Common Files\Rogers Online Protection\SetupInformation\downloader\extern\avg.xml --a---- 10345 bytes [02:09 27/01/2014] [16:58 25/08/2013] 81B901CD668CB385D9C70978C0DA1058
C:\Program Files\Common Files\Rogers Online Protection\SetupInformation\downloader\extern\avg.xml.md5 --a---- 32 bytes [02:09 27/01/2014] [03:38 02/11/2013] 8A08F01A179E3ECC4E37A59C8CCAE9FA
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml --a---- 3728 bytes [06:26 27/06/2013] [05:56 09/01/2014] 5B85CD90A54EA29A9C9717689FFDF335
C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml --a---- 0 bytes [03:41 17/11/2013] [09:40 15/08/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Program Files (x86)\Mozilla Firefox\browser\components\avgMozXPCOM.js --a---- 61311 bytes [23:15 08/12/2013] [23:14 08/12/2013] 0B2DE9003B3AFC18CBFAF17C477683C8
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml --a---- 3728 bytes [03:41 17/11/2013] [05:56 09/01/2014] 5B85CD90A54EA29A9C9717689FFDF335
C:\Users\(myname)\AppData\Local\Google\Picasa2\db3\imagedata_avgcolor.pmp --a---- 4044 bytes [02:45 24/04/2012] [20:30 01/02/2014] 85B8D509E800C058F9123E3D959E45D5
C:\Users\(myname)\AppData\Roaming\Microsoft\Windows\Recent\avgfile.lnk --a---- 1411 bytes [19:25 03/02/2014] [19:25 03/02/2014] 077AC38C2FA39028A35179C4D38524B3
C:\Users\(myname)\Pictures\avgfile.png --a---- 3217 bytes [19:25 03/02/2014] [19:25 03/02/2014] 1228D99EFEF5195D7AD0E2D7985EA4EB
C:\Windows\Fonts\AVGmdtV183.ttf -ra---- 3841728 bytes [00:13 09/08/2010] [00:13 09/08/2010] 739C7E8378325171A8C022ED2B494444
C:\Windows\System32\drivers\avgtpx64.sys --a---- 46368 bytes [22:34 03/02/2013] [13:17 11/11/2013] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg-secure-search.xml --a---- 3728 bytes [15:02 18/02/2013] [05:56 09/01/2014] 5B85CD90A54EA29A9C9717689FFDF335
C:\Windows\Temp\avg_secure_search.log --a---- 1389209 bytes [06:27 27/06/2013] [16:12 31/01/2014] 839D3596049B1D6C98DA16D74FC22667
C:\Windows\Temp\avg_secure_search.log.1 --a---- 2048138 bytes [06:27 27/06/2013] [02:40 29/01/2014] 72D63A1308ACBBC3471D4E72C446798C
C:\Windows\Temp\avg_secure_search.log.2 --a---- 2048056 bytes [06:27 27/06/2013] [15:10 27/01/2014] 19AAE478A8A09AEA1099919743BC203E
C:\Windows\Temp\avg_secure_search.log.3 --a---- 2048018 bytes [06:27 27/06/2013] [00:17 25/01/2014] A8965F47816C42DCE3BD65A2EE1FD1DD
C:\Windows\Temp\avg_secure_search.log.4 --a---- 2048047 bytes [06:27 27/06/2013] [09:00 21/01/2014] 40EF3409C53EF3D963743F26C613090A
C:\Windows\Temp\avg_a01516\avg-secure-search-installer.exe --a---- 1260208 bytes [17:06 20/05/2013] [17:06 20/05/2013] 8B4B2530EAA8749A05E3D884B771DA25
C:\Windows\Temp\avg_a01516\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 569520 bytes [17:06 20/05/2013] [17:06 20/05/2013] 5F1EC52CED30D4A44369430ADF1B7C6F
C:\Windows\Temp\avg_a01516\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 437 bytes [17:06 20/05/2013] [17:06 20/05/2013] 6AE28AF476CC595EF0EF4854C4A5E457
C:\Windows\Temp\avg_a01516\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 578224 bytes [17:06 20/05/2013] [17:06 20/05/2013] 5D1D0C48235F829125D904DC95FA6722
C:\Windows\Temp\avg_a01516\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 45856 bytes [17:06 20/05/2013] [17:06 20/05/2013] 3B5657B6C11CDA87F664DD6F7DD0702D
C:\Windows\Temp\avg_a01516\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [17:06 20/05/2013] [17:06 20/05/2013] 02A43ADBA362B89B7D5715221D5F3010
C:\Windows\Temp\avg_a01516\ConfigFiles\avguidx.dll --a---- 247808 bytes [17:06 20/05/2013] [17:06 20/05/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a01516\ProgData\avg-secure-search.xml --a---- 3714 bytes [17:06 20/05/2013] [17:06 20/05/2013] CB90676B3241789BD5A521E6723305D2
C:\Windows\Temp\avg_a01516\ProgData\avgMozXPCOM.js --a---- 42163 bytes [17:06 20/05/2013] [17:06 20/05/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx --a---- 240029 bytes [17:06 20/05/2013] [17:06 20/05/2013] 6A39E27985B2303A46A0620A11FB001D
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search\FireFoxExt\15.2.0.5\chrome\avg.jar --a---- 100440 bytes [17:06 20/05/2013] [17:06 20/05/2013] CC24620BEAD16A6D6F70DC0C91BB7DAD
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search\FireFoxExt\15.2.0.5\components\avg-dnt-policy.js --a---- 20594 bytes [17:06 20/05/2013] [17:06 20/05/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\avg-dnt-adapter.js --a---- 4186 bytes [17:06 20/05/2013] [17:06 20/05/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\avg.xml --a---- 3662 bytes [17:06 20/05/2013] [17:06 20/05/2013] 73653A0392EBFDC60E5104D32B7A6891
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\avgJsm.js --a---- 2567 bytes [17:06 20/05/2013] [17:06 20/05/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\Windows\Temp\avg_a01516\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 20144 bytes [17:06 20/05/2013] [17:06 20/05/2013] 7F93C82E9946408ED5A5BDCF1D6FEF4D
C:\Windows\Temp\avg_a01516\ProgFiles\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll --a---- 1991344 bytes [17:06 20/05/2013] [17:06 20/05/2013] 5EFB4A0B6F794DA7380859F56E16CF8D
C:\Windows\Temp\avg_a03296\avg-secure-search-installer.exe --a---- 2335256 bytes [22:35 28/09/2013] [22:35 28/09/2013] BE963AC5CA015D84683A1C54F126DEF3
C:\Windows\Temp\avg_a03296\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 567320 bytes [22:35 28/09/2013] [22:35 28/09/2013] 39A4E94E18A5D44406FED9A5386C74F5
C:\Windows\Temp\avg_a03296\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [22:35 28/09/2013] [22:35 28/09/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a03296\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 579608 bytes [22:35 28/09/2013] [22:35 28/09/2013] 2DD303A75EE1DCE83FE4706CC96C71BF
C:\Windows\Temp\avg_a03296\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 46368 bytes [22:35 28/09/2013] [22:35 28/09/2013] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg_a03296\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [22:35 28/09/2013] [22:35 28/09/2013] 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\Temp\avg_a03296\ConfigFiles\avguidx.dll --a---- 247808 bytes [22:35 28/09/2013] [22:35 28/09/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a03296\ProgData\avg-secure-search.xml --a---- 3725 bytes [22:35 28/09/2013] [22:35 28/09/2013] 58EB6093C1984CDD20AB8FA002BF8A34
C:\Windows\Temp\avg_a03296\ProgData\avgMozXPCOM.js --a---- 42163 bytes [22:35 28/09/2013] [22:35 28/09/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\ChromeExt\17.0.0.9\avg.crx --a---- 272227 bytes [22:35 28/09/2013] [22:35 28/09/2013] 1788CC725A417026437F66E7F464765F
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\FireFoxExt\17.0.0.9\chrome\avg.jar --a---- 99059 bytes [22:35 28/09/2013] [22:35 28/09/2013] E712F24E6E572F58FEA5AE665522AF92
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\FireFoxExt\17.0.0.9\components\avg-dnt-policy.js --a---- 20594 bytes [22:35 28/09/2013] [22:35 28/09/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\avg-dnt-adapter.js --a---- 4186 bytes [22:35 28/09/2013] [22:35 28/09/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\avg.xml --a---- 3609 bytes [22:35 28/09/2013] [22:35 28/09/2013] 734351BA9054782F2D9A16F42C919D8A
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\avg.xul --a---- 14367 bytes [22:35 28/09/2013] [22:35 28/09/2013] 4979384B0F2F8DA0D25933910CA67F7A
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search\FireFoxExt\17.0.0.9\modules\avgJsm.js --a---- 2688 bytes [22:35 28/09/2013] [22:35 28/09/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\Windows\Temp\avg_a03296\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 18456 bytes [22:35 28/09/2013] [22:35 28/09/2013] 2379B3E39963D3151FE78319049FCEDB
C:\Windows\Temp\avg_a03296\ProgFiles\AVG Secure Search\avgMozXPCOM.js --a---- 42163 bytes [22:35 28/09/2013] [22:35 28/09/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a03296\ProgFiles\AVG Secure Search\17.0.0.9\AVG Secure Search_toolbar.dll --a---- 3353624 bytes [22:35 28/09/2013] [22:35 28/09/2013] 506AF8E04B50A725B7F0373FF855CE6D
C:\Windows\Temp\avg_a04140\avg-secure-search-installer.exe --a---- 2343960 bytes [03:19 17/11/2013] [03:19 17/11/2013] FD6CB1C43B3539359668EE443338E039
C:\Windows\Temp\avg_a04140\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 567320 bytes [03:19 17/11/2013] [03:19 17/11/2013] 962A193FE1239CCE27DB9B04B4AB4915
C:\Windows\Temp\avg_a04140\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [03:19 17/11/2013] [03:19 17/11/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a04140\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 579608 bytes [03:19 17/11/2013] [03:19 17/11/2013] FAD63699F968A6E476F660F26247D619
C:\Windows\Temp\avg_a04140\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 46368 bytes [03:19 17/11/2013] [03:19 17/11/2013] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg_a04140\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [03:19 17/11/2013] [03:19 17/11/2013] 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\Temp\avg_a04140\ConfigFiles\avguidx.dll --a---- 247808 bytes [03:19 17/11/2013] [03:19 17/11/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a04140\ProgData\avg-secure-search.xml --a---- 3725 bytes [03:19 17/11/2013] [03:19 17/11/2013] B922A2D4CDF5F4419D5F35201898FEAB
C:\Windows\Temp\avg_a04140\ProgData\avgMozXPCOM.js --a---- 42163 bytes [03:19 17/11/2013] [03:19 17/11/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx --a---- 272227 bytes [03:19 17/11/2013] [03:19 17/11/2013] 7C3974907529E864D5B00EEBFAE0B3EA
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\chrome\avg.jar --a---- 99059 bytes [03:19 17/11/2013] [03:19 17/11/2013] 551582FFCC250F836E6BB62E75E037AB
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\components\avg-dnt-policy.js --a---- 20594 bytes [03:19 17/11/2013] [03:19 17/11/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg-dnt-adapter.js --a---- 4186 bytes [03:19 17/11/2013] [03:19 17/11/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg.xml --a---- 3627 bytes [03:19 17/11/2013] [03:19 17/11/2013] F0D6D3BC80A731F30D89517915413178
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg.xul --a---- 13985 bytes [03:19 17/11/2013] [03:19 17/11/2013] DAAE45001FB100B7C77716F0F471961F
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avgJsm.js --a---- 2688 bytes [03:19 17/11/2013] [03:19 17/11/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 18456 bytes [03:19 17/11/2013] [03:19 17/11/2013] 5CF2E7217CBB72E0D19ED207C6E23F73
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search\avgMozXPCOM.js --a---- 42163 bytes [03:19 17/11/2013] [03:19 17/11/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll --a---- 3353624 bytes [03:19 17/11/2013] [03:19 17/11/2013] FF51726D743F17A7D15AEA1937482A36
C:\Windows\Temp\avg_a04632\avg-secure-search-installer.exe --a---- 2170544 bytes [06:26 27/06/2013] [06:26 27/06/2013] 40D1F5434F4C245B4D162A9001832C70
C:\Windows\Temp\avg_a04632\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 569520 bytes [06:26 27/06/2013] [06:26 27/06/2013] 01B9C1A2037FB4CAB8D6E4ACDB888497
C:\Windows\Temp\avg_a04632\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [06:26 27/06/2013] [06:26 27/06/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a04632\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 581808 bytes [06:26 27/06/2013] [06:26 27/06/2013] 60F6C1DE4D20235290E26FF70D0AF394
C:\Windows\Temp\avg_a04632\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 45856 bytes [06:26 27/06/2013] [06:26 27/06/2013] 34E9A86B0EF71BA72B58D72215EBFABC
C:\Windows\Temp\avg_a04632\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [06:26 27/06/2013] [06:26 27/06/2013] C6C470CD49FE9DBA0F082540D7AF7642
C:\Windows\Temp\avg_a04632\ConfigFiles\avguidx.dll --a---- 247808 bytes [06:26 27/06/2013] [06:26 27/06/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a04632\ProgData\avg-secure-search.xml --a---- 3715 bytes [06:27 27/06/2013] [06:27 27/06/2013] DB74664ED94EFA9B4AE81D8560BAEE8B
C:\Windows\Temp\avg_a04632\ProgData\avgMozXPCOM.js --a---- 42163 bytes [06:26 27/06/2013] [06:26 27/06/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx --a---- 257165 bytes [06:26 27/06/2013] [06:26 27/06/2013] C094CB3E07BA42DD42D2E257511F3B7A
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search\FireFoxExt\15.3.0.11\chrome\avg.jar --a---- 100866 bytes [06:26 27/06/2013] [06:26 27/06/2013] 5BC93C74DF65DC8BF047F42695F96244
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search\FireFoxExt\15.3.0.11\components\avg-dnt-policy.js --a---- 20594 bytes [06:26 27/06/2013] [06:26 27/06/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search\FireFoxExt\15.3.0.11\modules\avg-dnt-adapter.js --a---- 4186 bytes [06:26 27/06/2013] [06:26 27/06/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search\FireFoxExt\15.3.0.11\modules\avg.xml --a---- 3662 bytes [06:26 27/06/2013] [06:26 27/06/2013] 73653A0392EBFDC60E5104D32B7A6891
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search\FireFoxExt\15.3.0.11\modules\avgJsm.js --a---- 2591 bytes [06:26 27/06/2013] [06:26 27/06/2013] 8A996232DD8FCB9D7F01C99F3CE0110B
C:\Windows\Temp\avg_a04632\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 20144 bytes [06:26 27/06/2013] [06:26 27/06/2013] DF7E0F99F16EB05D5F4B0D3A070EE240
C:\Windows\Temp\avg_a04632\ProgFiles\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll --a---- 3055280 bytes [06:26 27/06/2013] [06:26 27/06/2013] 125C5FE0306AF63ECC8A5BE4C74B732C
C:\Windows\Temp\avg_a04632\ProgFiles\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png --a---- 3568 bytes [06:26 27/06/2013] [06:26 27/06/2013] 438B86EC7A9ADCAC4E5DCADFE13212E7
C:\Windows\Temp\avg_a04816\avg-secure-search-installer.exe --a---- 2348568 bytes [23:15 08/12/2013] [23:15 08/12/2013] CB4A39910D693F76EB197DFECB4D8012
C:\Windows\Temp\avg_a04816\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 567320 bytes [23:15 08/12/2013] [23:15 08/12/2013] 03BEEC10DDF993E18AA4A973251209FC
C:\Windows\Temp\avg_a04816\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 46368 bytes [23:15 08/12/2013] [23:15 08/12/2013] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg_a04816\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [23:15 08/12/2013] [23:15 08/12/2013] 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\Temp\avg_a04816\ConfigFiles\avguidx.dll --a---- 247808 bytes [23:15 08/12/2013] [23:15 08/12/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a04816\ProgData\avg-secure-search.xml --a---- 3727 bytes [23:15 08/12/2013] [23:15 08/12/2013] 868E5D4D54258B83FFAFCEAE4B82EFE0
C:\Windows\Temp\avg_a04816\ProgData\avgMozXPCOM.js --a---- 61311 bytes [23:14 08/12/2013] [23:14 08/12/2013] 0B2DE9003B3AFC18CBFAF17C477683C8
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx --a---- 255624 bytes [23:15 08/12/2013] [23:15 08/12/2013] DDD6C31A2BB9FD3ECF3F0EA08D7816A9
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\FireFoxExt\17.2.0.38\chrome\avg.jar --a---- 76308 bytes [23:14 08/12/2013] [23:14 08/12/2013] F687A014053798B31B1C2EAEECD2634E
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\FireFoxExt\17.2.0.38\components\avg-dnt-policy.js --a---- 19980 bytes [23:14 08/12/2013] [23:14 08/12/2013] 4B22C1D429EADC299207C2CA2B5EB1C8
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avg-dnt-adapter.js --a---- 4186 bytes [23:14 08/12/2013] [23:14 08/12/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avg.xml --a---- 3619 bytes [23:14 08/12/2013] [23:14 08/12/2013] A67769650ADB5EE2B84F16C1E504E032
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avg.xul --a---- 13800 bytes [23:15 08/12/2013] [23:15 08/12/2013] 2214A6EA98EF7586745AD2225E723176
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search\FireFoxExt\17.2.0.38\modules\avgJsm.js --a---- 3625 bytes [23:14 08/12/2013] [23:14 08/12/2013] A686B2F9C2687DDFBD7C9B5B287AF8A7
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 18456 bytes [23:14 08/12/2013] [23:14 08/12/2013] 00B502FFFE4219123902B7CF3687445E
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\AvgComponents.manifest --a---- 234 bytes [23:14 08/12/2013] [23:14 08/12/2013] 039F9831361865AA4C07B49809485188
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\avgMozXPCOM.js --a---- 61311 bytes [23:14 08/12/2013] [23:14 08/12/2013] 0B2DE9003B3AFC18CBFAF17C477683C8
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\crash.avgdx --a---- 2176 bytes [23:15 08/12/2013] [23:15 08/12/2013] 7D08E1CA1FB379128390C3F7DDBB65DC
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll --a---- 3333144 bytes [23:15 08/12/2013] [23:15 08/12/2013] BD21B67825C5BB6D4F166610723C8D64
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png --a---- 3568 bytes [23:14 08/12/2013] [23:14 08/12/2013] 438B86EC7A9ADCAC4E5DCADFE13212E7
C:\Windows\Temp\avg_a08328\avg-secure-search-installer.exe --a---- 2341400 bytes [06:32 02/10/2013] [06:32 02/10/2013] 35FDDC8B98334B20202DA26A11B25BEC
C:\Windows\Temp\avg_a08328\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 567320 bytes [06:32 02/10/2013] [06:32 02/10/2013] 3841620F7B53DAC3CA0DD06650180E2C
C:\Windows\Temp\avg_a08328\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [06:32 02/10/2013] [06:32 02/10/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a08328\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 579608 bytes [06:32 02/10/2013] [06:32 02/10/2013] F57A68AF53302E9A8189F939C9E9B3B6
C:\Windows\Temp\avg_a08328\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 46368 bytes [06:32 02/10/2013] [06:32 02/10/2013] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg_a08328\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [06:32 02/10/2013] [06:32 02/10/2013] 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\Temp\avg_a08328\ConfigFiles\avguidx.dll --a---- 247808 bytes [06:32 02/10/2013] [06:32 02/10/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a08328\ProgData\avg-secure-search.xml --a---- 3725 bytes [06:32 02/10/2013] [06:32 02/10/2013] AE74CA5A209D8C582A2983A712E2E7C3
C:\Windows\Temp\avg_a08328\ProgData\avgMozXPCOM.js --a---- 42163 bytes [06:32 02/10/2013] [06:32 02/10/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx --a---- 272228 bytes [06:32 02/10/2013] [06:32 02/10/2013] F02238BEDC3110358CF1A34A00B1F1F1
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\FireFoxExt\17.0.1.12\chrome\avg.jar --a---- 99058 bytes [06:32 02/10/2013] [06:32 02/10/2013] 94C29B7EECECC45C0FD742CBEC974BB5
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\FireFoxExt\17.0.1.12\components\avg-dnt-policy.js --a---- 20594 bytes [06:32 02/10/2013] [06:32 02/10/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\avg-dnt-adapter.js --a---- 4186 bytes [06:32 02/10/2013] [06:32 02/10/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\avg.xml --a---- 3609 bytes [06:32 02/10/2013] [06:32 02/10/2013] 734351BA9054782F2D9A16F42C919D8A
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\avg.xul --a---- 14367 bytes [06:32 02/10/2013] [06:32 02/10/2013] 4979384B0F2F8DA0D25933910CA67F7A
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search\FireFoxExt\17.0.1.12\modules\avgJsm.js --a---- 2688 bytes [06:32 02/10/2013] [06:32 02/10/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 18456 bytes [06:32 02/10/2013] [06:32 02/10/2013] 4775D22099CF7FCA11E71D8BB35ACF3F
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search\avgMozXPCOM.js --a---- 42163 bytes [06:32 02/10/2013] [06:32 02/10/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll --a---- 3353624 bytes [06:32 02/10/2013] [06:32 02/10/2013] AA806DC28AB82B49B65C31ADCC3E7FBA
C:\Windows\Temp\avg_a10096\avg-secure-search-installer.exe --a---- 1203888 bytes [15:02 18/02/2013] [15:02 18/02/2013] 5A126425528C891C207119A64B8C9FCA
C:\Windows\Temp\avg_a10096\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 568496 bytes [15:02 18/02/2013] [15:02 18/02/2013] 59C5A91F4A27B81CB0AE7BF5D0543FBA
C:\Windows\Temp\avg_a10096\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 562352 bytes [15:02 18/02/2013] [15:02 18/02/2013] 1A9E34E8F874AE72FAB0C7DAD086D4DB
C:\Windows\Temp\avg_a10096\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 39768 bytes [15:02 18/02/2013] [15:02 18/02/2013] 4C05242DC361A217223E9B8EC2B3A76B
C:\Windows\Temp\avg_a10096\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 33112 bytes [15:02 18/02/2013] [15:02 18/02/2013] CAE7B6E4D7EB17829C526153D19B9C95
C:\Windows\Temp\avg_a10096\ConfigFiles\avguidx.dll --a---- 247808 bytes [15:02 18/02/2013] [15:02 18/02/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a10096\ProgData\avg-secure-search.xml --a---- 3715 bytes [15:02 18/02/2013] [15:02 18/02/2013] 729D13E431C5464525A3D3FB389BD9B9
C:\Windows\Temp\avg_a10096\ProgData\avgMozXPCOM.js --a---- 42163 bytes [15:02 18/02/2013] [15:02 18/02/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx --a---- 237111 bytes [15:02 18/02/2013] [15:02 18/02/2013] FD9EA986137004BC570AF1C1E03AB9E7
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\chrome\avg.jar --a---- 97636 bytes [15:02 18/02/2013] [15:02 18/02/2013] EDA0080D942F4FC6468A94E8D2EBEAF1
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\components\avg-dnt-policy.js --a---- 20618 bytes [15:02 18/02/2013] [15:02 18/02/2013] FA94F570056491E7C6DFFDE860691E17
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avg-dnt-adapter.js --a---- 4186 bytes [15:02 18/02/2013] [15:02 18/02/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avg.xml --a---- 3662 bytes [15:02 18/02/2013] [15:02 18/02/2013] 73653A0392EBFDC60E5104D32B7A6891
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avgJsm.js --a---- 2567 bytes [15:02 18/02/2013] [15:02 18/02/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\Windows\Temp\avg_a10096\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 19120 bytes [15:02 18/02/2013] [15:02 18/02/2013] 5EF076A8608DCD5181083DAED6403F0B
C:\Windows\Temp\avg_a10096\ProgFiles\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll --a---- 1929392 bytes [15:02 18/02/2013] [15:02 18/02/2013] 612A05F057928A73276029A6C2DDC414
C:\Windows\Temp\avg_a11220\avg-secure-search-installer.exe --a---- 1197744 bytes [03:29 11/02/2013] [03:29 11/02/2013] 20C2902C1E9A9D4A18AE1D249B259410
C:\Windows\Temp\avg_a11220\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 568496 bytes [03:29 11/02/2013] [03:29 11/02/2013] 7FA4620D653F5C123DD16843464B3DC0
C:\Windows\Temp\avg_a11220\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 562352 bytes [03:29 11/02/2013] [03:29 11/02/2013] FB12BE10CF35A6E947987D8CE1DC675B
C:\Windows\Temp\avg_a11220\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 39768 bytes [03:29 11/02/2013] [03:29 11/02/2013] B4FBFADDA6B39AB24456C45C03EF3991
C:\Windows\Temp\avg_a11220\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 33112 bytes [03:29 11/02/2013] [03:29 11/02/2013] F3D2D8D48E3B0CA83D70A420240E509B
C:\Windows\Temp\avg_a11220\ConfigFiles\avguidx.dll --a---- 247808 bytes [03:29 11/02/2013] [03:29 11/02/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a11220\ProgData\avg-secure-search.xml --a---- 3592 bytes [03:29 11/02/2013] [03:29 11/02/2013] 93FE30042BB71EDEE4A43C2648FF8FF4
C:\Windows\Temp\avg_a11220\ProgData\avgMozXPCOM.js --a---- 42163 bytes [03:29 11/02/2013] [03:29 11/02/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search\ChromeExt\14.1.0.10\avg.crx --a---- 237077 bytes [03:29 11/02/2013] [03:29 11/02/2013] 2F9BBA66997014FA1A1C28C6C5A3B647
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\chrome\avg.jar --a---- 97635 bytes [03:29 11/02/2013] [03:29 11/02/2013] D91E0F516FF4951FB6E63538B933895A
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\components\avg-dnt-policy.js --a---- 20516 bytes [03:29 11/02/2013] [03:29 11/02/2013] 33331694D7E3C174FF846FA96041F72A
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avg-dnt-adapter.js --a---- 4186 bytes [03:29 11/02/2013] [03:29 11/02/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avg.xml --a---- 3662 bytes [03:29 11/02/2013] [03:29 11/02/2013] 73653A0392EBFDC60E5104D32B7A6891
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avgJsm.js --a---- 2567 bytes [03:29 11/02/2013] [03:29 11/02/2013] 76373F98F9871181EE53F0DBD1354AFD
C:\Windows\Temp\avg_a11220\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 19120 bytes [03:29 11/02/2013] [03:29 11/02/2013] 73BD6F69E2899427323CF243B65967FD
C:\Windows\Temp\avg_a11220\ProgFiles\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll --a---- 1920688 bytes [03:29 11/02/2013] [03:29 11/02/2013] 1AB87C7D4A14AA1A1D8AE9051FB19BE2
C:\Windows\Temp\avg_a12108\avg-secure-search-installer.exe --a---- 2343960 bytes [13:16 11/11/2013] [13:16 11/11/2013] FD6CB1C43B3539359668EE443338E039
C:\Windows\Temp\avg_a12108\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 567320 bytes [13:17 11/11/2013] [13:17 11/11/2013] 962A193FE1239CCE27DB9B04B4AB4915
C:\Windows\Temp\avg_a12108\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [13:16 11/11/2013] [13:16 11/11/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a12108\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 579608 bytes [13:17 11/11/2013] [13:17 11/11/2013] FAD63699F968A6E476F660F26247D619
C:\Windows\Temp\avg_a12108\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 46368 bytes [13:17 11/11/2013] [13:17 11/11/2013] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg_a12108\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [13:17 11/11/2013] [13:17 11/11/2013] 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\Temp\avg_a12108\ConfigFiles\avguidx.dll --a---- 247808 bytes [13:17 11/11/2013] [13:17 11/11/2013] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a12108\ProgData\avg-secure-search.xml --a---- 3726 bytes [13:17 11/11/2013] [13:17 11/11/2013] CF04738F232548651D184D86A7CF7E93
C:\Windows\Temp\avg_a12108\ProgData\avgMozXPCOM.js --a---- 42163 bytes [13:16 11/11/2013] [13:16 11/11/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx --a---- 272227 bytes [13:16 11/11/2013] [13:16 11/11/2013] 7C3974907529E864D5B00EEBFAE0B3EA
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\chrome\avg.jar --a---- 99059 bytes [13:16 11/11/2013] [13:16 11/11/2013] 551582FFCC250F836E6BB62E75E037AB
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\components\avg-dnt-policy.js --a---- 20594 bytes [13:16 11/11/2013] [13:16 11/11/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg-dnt-adapter.js --a---- 4186 bytes [13:16 11/11/2013] [13:16 11/11/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg.xml --a---- 3627 bytes [13:16 11/11/2013] [13:16 11/11/2013] F0D6D3BC80A731F30D89517915413178
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avg.xul --a---- 13985 bytes [13:16 11/11/2013] [13:16 11/11/2013] DAAE45001FB100B7C77716F0F471961F
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search\FireFoxExt\17.1.2.1\modules\avgJsm.js --a---- 2688 bytes [13:16 11/11/2013] [13:16 11/11/2013] 771402B64C2B581BD4E1067A564AF2C1
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 18456 bytes [13:16 11/11/2013] [13:16 11/11/2013] 5CF2E7217CBB72E0D19ED207C6E23F73
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search\avgMozXPCOM.js --a---- 42163 bytes [13:16 11/11/2013] [13:16 11/11/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll --a---- 3353624 bytes [13:16 11/11/2013] [13:17 11/11/2013] FF51726D743F17A7D15AEA1937482A36
C:\Windows\Temp\avg_a15908\avg-secure-search-installer.exe --a---- 2355736 bytes [05:56 09/01/2014] [05:56 09/01/2014] 9E17EA392256B0D47C945EA3F04294E9
C:\Windows\Temp\avg_a15908\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 567320 bytes [05:56 09/01/2014] [05:56 09/01/2014] DFBB8493D14CCDB77DC16EE6AE9B3934
C:\Windows\Temp\avg_a15908\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 46368 bytes [05:56 09/01/2014] [05:56 09/01/2014] A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\Temp\avg_a15908\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [05:56 09/01/2014] [05:56 09/01/2014] 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\Temp\avg_a15908\ConfigFiles\avguidx.dll --a---- 247808 bytes [05:56 09/01/2014] [05:56 09/01/2014] AAA7D53D228E76B4291AC61E987BB058
C:\Windows\Temp\avg_a15908\ProgData\avg-secure-search.xml --a---- 3728 bytes [05:56 09/01/2014] [05:56 09/01/2014] 1521E38EEF4AACC2006BECBE742A060A
C:\Windows\Temp\avg_a15908\ProgData\avgMozXPCOM.js --a---- 61311 bytes [05:56 09/01/2014] [05:56 09/01/2014] 0B2DE9003B3AFC18CBFAF17C477683C8
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx --a---- 255575 bytes [05:56 09/01/2014] [05:56 09/01/2014] 488D322A4291CF0C2C152CC3470C7E1A
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\chrome\avg.jar --a---- 76541 bytes [05:56 09/01/2014] [05:56 09/01/2014] A4B6C7D2633CFE5DF6675E30AEC86D5B
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\components\avg-dnt-policy.js --a---- 19968 bytes [05:56 09/01/2014] [05:56 09/01/2014] 32979A37576EA889CEF937FC357707E4
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avg-dnt-adapter.js --a---- 4186 bytes [05:56 09/01/2014] [05:56 09/01/2014] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avg.xml --a---- 3619 bytes [05:56 09/01/2014] [05:56 09/01/2014] A67769650ADB5EE2B84F16C1E504E032
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avg.xul --a---- 13800 bytes [05:56 09/01/2014] [05:56 09/01/2014] 2214A6EA98EF7586745AD2225E723176
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search\FireFoxExt\17.3.0.49\modules\avgJsm.js --a---- 3625 bytes [05:56 09/01/2014] [05:56 09/01/2014] A686B2F9C2687DDFBD7C9B5B287AF8A7
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 18456 bytes [05:56 09/01/2014] [05:56 09/01/2014] 193FBAF3CEC24AC2E41BA0A77109CF86
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\AvgComponents.manifest --a---- 234 bytes [05:56 09/01/2014] [05:56 09/01/2014] 039F9831361865AA4C07B49809485188
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\avgMozXPCOM.js --a---- 61311 bytes [05:56 09/01/2014] [05:56 09/01/2014] 0B2DE9003B3AFC18CBFAF17C477683C8
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\crash.avgdx --a---- 2176 bytes [05:56 09/01/2014] [05:56 09/01/2014] 7D08E1CA1FB379128390C3F7DDBB65DC
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll --a---- 3349528 bytes [05:56 09/01/2014] [05:56 09/01/2014] AA5FC64706FBA1A63416F4AB371D8875
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png --a---- 3568 bytes [05:56 09/01/2014] [05:56 09/01/2014] 438B86EC7A9ADCAC4E5DCADFE13212E7
C:\Windows\Temp\avg_a18624\avg-secure-search-installer.exe --a---- 2196656 bytes [04:49 30/07/2013] [04:49 30/07/2013] 4F11E85CAE13A8881746B8FBB189EAA6
C:\Windows\Temp\avg_a18624\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 569520 bytes [04:49 30/07/2013] [04:49 30/07/2013] 0CFCF5240040CC4B87D0DE641B2D931D
C:\Windows\Temp\avg_a18624\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [04:49 30/07/2013] [04:49 30/07/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a18624\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 581808 bytes [04:49 30/07/2013] [04:49 30/07/2013] 6C42321020288F6060007B6A846F3F6C
C:\Windows\Temp\avg_a18624\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 45856 bytes [04:49 30/07/2013] [04:49 30/07/2013] 18AAAC7ED383C465E319B5DD07D0A0B6
C:\Windows\Temp\avg_a18624\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [04:49 30/07/2013] [04:49 30/07/2013] BB83BDE5C9EB8A1B932D4A8374758EF8
C:\Windows\Temp\avg_a18624\ConfigFiles\avguidx.dll --a---- 257712 bytes [04:49 30/07/2013] [04:49 30/07/2013] 18714DD1C65A6B1DBBBA1BACF505A5D5
C:\Windows\Temp\avg_a18624\ProgData\avg-secure-search.xml --a---- 3716 bytes [04:49 30/07/2013] [04:49 30/07/2013] 12047C6946BE7E0DE4A26CF2B6346A43
C:\Windows\Temp\avg_a18624\ProgData\avgMozXPCOM.js --a---- 42163 bytes [04:49 30/07/2013] [04:49 30/07/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx --a---- 257167 bytes [04:49 30/07/2013] [04:49 30/07/2013] 5294DEE34D094B14D7E2697E9BB880B5
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\chrome\avg.jar --a---- 101093 bytes [04:49 30/07/2013] [04:49 30/07/2013] 85CDD895FDB362C9C1E10C62725AD652
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\components\avg-dnt-policy.js --a---- 20594 bytes [04:49 30/07/2013] [04:49 30/07/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\avg-dnt-adapter.js --a---- 4186 bytes [04:49 30/07/2013] [04:49 30/07/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\avg.xml --a---- 3662 bytes [04:49 30/07/2013] [04:49 30/07/2013] 73653A0392EBFDC60E5104D32B7A6891
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search\FireFoxExt\15.4.0.5\modules\avgJsm.js --a---- 2591 bytes [04:49 30/07/2013] [04:49 30/07/2013] 8A996232DD8FCB9D7F01C99F3CE0110B
C:\Windows\Temp\avg_a18624\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 20144 bytes [04:49 30/07/2013] [04:49 30/07/2013] 9BBA0C311E826E4879C4C9C4CCCF8F1C
C:\Windows\Temp\avg_a18624\ProgFiles\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll --a---- 3086512 bytes [04:49 30/07/2013] [04:49 30/07/2013] 3CD5F21D4FD78839B58076A44BD3A264
C:\Windows\Temp\avg_a18624\ProgFiles\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png --a---- 3568 bytes [04:49 30/07/2013] [04:49 30/07/2013] 438B86EC7A9ADCAC4E5DCADFE13212E7
C:\Windows\Temp\avg_a27032\avg-secure-search-installer.exe --a---- 2226864 bytes [09:40 15/08/2013] [09:40 15/08/2013] 2C1B0965CB65797001053D8956F9CD54
C:\Windows\Temp\avg_a27032\CommonFiles\AVG Secure Search\avgdttbx.dll --a---- 569520 bytes [09:40 15/08/2013] [09:40 15/08/2013] 37019F19796835232088232341CDB365
C:\Windows\Temp\avg_a27032\CommonFiles\AVG Secure Search\AVGRewardsWorker.cfg --a---- 475 bytes [09:40 15/08/2013] [09:40 15/08/2013] 0EEE772CC080FF3138E54837F76AA5D1
C:\Windows\Temp\avg_a27032\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll --a---- 581808 bytes [09:40 15/08/2013] [09:40 15/08/2013] E08C1B0E3C547009DC99D1208EC6CF8E
C:\Windows\Temp\avg_a27032\CommonFiles\AVG Secure Search\avgtpx64.sys --a---- 45856 bytes [09:40 15/08/2013] [09:40 15/08/2013] E647C4315F36756DF5FA38BDEB51F224
C:\Windows\Temp\avg_a27032\CommonFiles\AVG Secure Search\avgtpx86.sys --a---- 37664 bytes [09:40 15/08/2013] [09:40 15/08/2013] 311C5A8D894563CD2712CD297A34FAFB
C:\Windows\Temp\avg_a27032\ConfigFiles\avguidx.dll --a---- 257712 bytes [09:40 15/08/2013] [09:40 15/08/2013] 1976F1950A9C7EEA8040D7A1EECB7A84
C:\Windows\Temp\avg_a27032\ProgData\avg-secure-search.xml --a---- 3715 bytes [09:40 15/08/2013] [09:40 15/08/2013] 38B2A05F841D64778E2918E52B0C4219
C:\Windows\Temp\avg_a27032\ProgData\avgMozXPCOM.js --a---- 42163 bytes [09:40 15/08/2013] [09:40 15/08/2013] B4E09F91D4656A34541E54531C0EE3C3
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx --a---- 257167 bytes [09:40 15/08/2013] [09:40 15/08/2013] 8A196063A0F0305A8A05CCEC1AF746C3
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\chrome\avg.jar --a---- 101205 bytes [09:40 15/08/2013] [09:40 15/08/2013] B74EB4314736817FF265BE003A805A38
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\components\avg-dnt-policy.js --a---- 20594 bytes [09:40 15/08/2013] [09:40 15/08/2013] A3452896E8B226D523B37EB6BB75BAC8
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\avg-dnt-adapter.js --a---- 4186 bytes [09:40 15/08/2013] [09:40 15/08/2013] 0F144F2C1F29AD1624681292E8762C4D
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\avg.xml --a---- 3662 bytes [09:40 15/08/2013] [09:40 15/08/2013] 73653A0392EBFDC60E5104D32B7A6891
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search\FireFoxExt\15.5.0.2\modules\avgJsm.js --a---- 2591 bytes [09:40 15/08/2013] [09:40 15/08/2013] 8A996232DD8FCB9D7F01C99F3CE0110B
C:\Windows\Temp\avg_a27032\ProgFiles\AVG Secure Search\AVG Secure Search --a---- 20144 bytes [09:40 15/08/2013] [09:40 15/08/2013] E8D18C7B524F1586D25E5F875032329A
C:\Windows\Temp\avg_a27032\ProgFiles\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll --a---- 3122864 bytes [09:40 15/08/2013] [09:40 15/08/2013] 659C2301EF2B66E5C8F12DA758E9049F
C:\Windows\Temp\avg_a27032\ProgFiles\AVG Secure Search\ChromeGuardRes\avg_logo_medium.png --a---- 3568 bytes [09:40 15/08/2013] [09:40 15/08/2013] 438B86EC7A9ADCAC4E5DCADFE13212E7
 
========== folderfind ==========
 
Searching for "*AVG*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search d------ [16:45 31/01/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Nation toolbar d------ [16:45 31/01/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [16:45 31/01/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search d------ [16:45 31/01/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search d------ [16:45 31/01/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search d------ [16:44 31/01/2014]
C:\AdwCleaner\Quarantine\C\Users\(myname)\AppData\Local\AVG Secure Search d------ [16:45 31/01/2014]
C:\AdwCleaner\Quarantine\C\Users\(myname)\AppData\LocalLow\AVG Secure Search d------ [16:45 31/01/2014]
C:\Users\(myname)\Documents\Old Firefox Data\fya00wr3.default-1360427920273\avg d------ [18:54 03/02/2014]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [03:30 11/02/2013]
C:\Windows\Temp\avg_a01516 d------ [17:06 20/05/2013]
C:\Windows\Temp\avg_a03296 d------ [22:35 28/09/2013]
C:\Windows\Temp\avg_a04140 d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04632 d------ [06:26 27/06/2013]
C:\Windows\Temp\avg_a04816 d------ [23:14 08/12/2013]
C:\Windows\Temp\avg_a08328 d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a10096 d------ [15:02 18/02/2013]
C:\Windows\Temp\avg_a11220 d------ [03:29 11/02/2013]
C:\Windows\Temp\avg_a12108 d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a15908 d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a18624 d------ [04:49 30/07/2013]
C:\Windows\Temp\avg_a27032 d------ [09:40 15/08/2013]
C:\Windows\Temp\avg_a01516\CommonFiles\AVG Secure Search d------ [17:06 20/05/2013]
C:\Windows\Temp\avg_a01516\ProgData\AVG Secure Search d------ [17:06 20/05/2013]
C:\Windows\Temp\avg_a01516\ProgFiles\AVG Secure Search d------ [17:06 20/05/2013]
C:\Windows\Temp\avg_a03296\CommonFiles\AVG Secure Search d------ [22:35 28/09/2013]
C:\Windows\Temp\avg_a03296\ProgData\AVG Secure Search d------ [22:35 28/09/2013]
C:\Windows\Temp\avg_a03296\ProgFiles\AVG Secure Search d------ [22:35 28/09/2013]
C:\Windows\Temp\avg_a03296\ProgFiles\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [22:35 28/09/2013]
C:\Windows\Temp\avg_a03296\ProgFiles\AVG Secure Search\ChromeRes\AVG Secure Search d------ [22:35 28/09/2013]
C:\Windows\Temp\avg_a04140\CommonFiles\AVG Secure Search d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04140\ProgData\AVG Secure Search d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search\ChromeRes\AVG Nation toolbar d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04140\ProgFiles\AVG Secure Search\ChromeRes\AVG Secure Search d------ [03:19 17/11/2013]
C:\Windows\Temp\avg_a04632\CommonFiles\AVG Secure Search d------ [06:26 27/06/2013]
C:\Windows\Temp\avg_a04632\ProgData\AVG Secure Search d------ [06:26 27/06/2013]
C:\Windows\Temp\avg_a04632\ProgFiles\AVG Secure Search d------ [06:26 27/06/2013]
C:\Windows\Temp\avg_a04816\CommonFiles\AVG Secure Search d------ [23:15 08/12/2013]
C:\Windows\Temp\avg_a04816\ProgData\AVG Secure Search d------ [23:14 08/12/2013]
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search d------ [23:14 08/12/2013]
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\ChromeRes\AVG Nation toolbar d------ [23:14 08/12/2013]
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [23:14 08/12/2013]
C:\Windows\Temp\avg_a04816\ProgFiles\AVG Secure Search\ChromeRes\AVG Secure Search d------ [23:14 08/12/2013]
C:\Windows\Temp\avg_a08328\CommonFiles\AVG Secure Search d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a08328\ProgData\AVG Secure Search d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search\ChromeRes\AVG Nation toolbar d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a08328\ProgFiles\AVG Secure Search\ChromeRes\AVG Secure Search d------ [06:32 02/10/2013]
C:\Windows\Temp\avg_a10096\CommonFiles\AVG Secure Search d------ [15:02 18/02/2013]
C:\Windows\Temp\avg_a10096\ProgData\AVG Secure Search d------ [15:02 18/02/2013]
C:\Windows\Temp\avg_a10096\ProgFiles\AVG Secure Search d------ [15:02 18/02/2013]
C:\Windows\Temp\avg_a11220\CommonFiles\AVG Secure Search d------ [03:29 11/02/2013]
C:\Windows\Temp\avg_a11220\ProgData\AVG Secure Search d------ [03:29 11/02/2013]
C:\Windows\Temp\avg_a11220\ProgFiles\AVG Secure Search d------ [03:29 11/02/2013]
C:\Windows\Temp\avg_a12108\CommonFiles\AVG Secure Search d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a12108\ProgData\AVG Secure Search d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search\ChromeRes\AVG Nation toolbar d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a12108\ProgFiles\AVG Secure Search\ChromeRes\AVG Secure Search d------ [13:16 11/11/2013]
C:\Windows\Temp\avg_a15908\CommonFiles\AVG Secure Search d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a15908\ProgData\AVG Secure Search d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\ChromeRes\AVG Nation toolbar d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\ChromeRes\AVG SafeGuard toolbar d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a15908\ProgFiles\AVG Secure Search\ChromeRes\AVG Secure Search d------ [05:56 09/01/2014]
C:\Windows\Temp\avg_a18624\CommonFiles\AVG Secure Search d------ [04:49 30/07/2013]
C:\Windows\Temp\avg_a18624\ProgData\AVG Secure Search d------ [04:49 30/07/2013]
C:\Windows\Temp\avg_a18624\ProgFiles\AVG Secure Search d------ [04:49 30/07/2013]
C:\Windows\Temp\avg_a27032\CommonFiles\AVG Secure Search d------ [09:40 15/08/2013]
C:\Windows\Temp\avg_a27032\ProgData\AVG Secure Search d------ [09:40 15/08/2013]
C:\Windows\Temp\avg_a27032\ProgFiles\AVG Secure Search d------ [09:40 15/08/2013]
 
========== regfind ==========
 
Searching for "AVG"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File8"="C:\Users\(myname)\Pictures\avgfile.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AVGRewardsWorker.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5D3F69B-C202-42f3-AF22-61C1768CF002}]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker\CurVer]
@="AVGRewards.AVGRewardsWorker.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker.1]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files (x86)|Microsoft Silverlight|5.1.20913.0|pl|mscorlib.resources.dll]
"mscorlib.resources,culture="pl",fileVersion="5.1.20913.0",processorArchitecture="MSIL",publicKeyToken="7cec85d7bea7798e",version="5.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete5.1.20913.0>d9pc6DT6a?]5U}8ric(f 3PgDT0$gy?~Dc}DI]?&!Complete5.1.20913.0>D-AvgirCg8~K)8ISuCC6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\InprocServer32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\ProgID]
@="AVGRewards.AVGRewardsWorker.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\VersionIndependentProgID]
@="AVGRewards.AVGRewardsWorker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AVGRewardsWorker.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D5D3F69B-C202-42f3-AF22-61C1768CF002}]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A3CBD8088D8DC646B65C79AE7BD3B84]
"79BC6538F84ABC4438A71A8283CD6496"="C:\Windows\Fonts\AVGmdtV183.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A3CBD8088D8DC646B65C79AE7BD3B84]
"00000000000000000000000000000000"="C:\Windows\Fonts\AVGmdtV183.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02E261FAF71464940AD65637944859F7\Features]
"WIFI_Software"="-6cH%bCi-=E]LST]o(su0UWZrF@W{874uOHPF^XfF9!b3P1@0=,w}$oy5%bhzwkTec'xH9wa*]!DKPh^8^cX]4M=q?x9P,XVXlVl&}+dwJgxFA3sXJL,+QtvGQzb[ygN_=fXkY(K'4uu?*VWxUe7p8t1GZFpv+duU@M[EMVwN?IvH~j4_]Vz_APL]=(=*?Y`+o+uMN@mB?G&1KA5g@2RsWxYPy`,J!LtpF~yP9umy$z(-Pii{jlJ!'o599Wh+vG-e]hiF_'-7-q84?cZvQ^CZCRAQtE+,?w9n9A*+@7vbT~*U3O6pM{))=Tns?VxVxjLjwUCDe^)(@_cG&JeYm^FTNxAw8V0y9m$+5JQ}_?Wz74AYZPTb8Jt@}3]i+-9eeEZTEziW=wumxg1I$8TkbRY4m+y}=m'rw@%R~Z=nL&(%!WYZ=^t_TV&*uXJ]G~]e}!5P?EYP.7T3y@Ao0[0gxS4D?rylk*Mzvryg_w}Ow`qX9K0m}uI&cgfUSCNJ7lSv?CsJ3WcpM}5WcdqzIxY[@s1qbKr(oN8Jvm-x7Hj0=4QPp0M)kx0O'iKb].Py?WlRgJv62$L9)+'2b]!7?1KDQ'1^,!1{yA*JJkn==(~kJ9!Oa'5E+JpcJ(U[@J^n5?BnCS.tE3a7!3)i?Zn%gCx.Qd&KhZIb[Mjm@,KFGkhHwY3Hp4.gZ,_!?z{pQD=AdAqdq-)gs`q[=Mooy.6QtO=q%JC.c{O+@Kt2gpBPZrzZf$JF]nd5?6(TnKSI&K[K2{BT)I%%@Khb-^o~}Mke4^C@c0sz8[`@B$Bc+EbNSi5Mb,D89&cP'84XFEtPT2Z&Zl=O@UMq,S'cf!_]OZwiui(p=KD-D)R[x30(X?S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\14D02E18772C625439D42F83A09FB187\Features]
"iCloud"="%Lpsgsd&a=saO{vy}(gAz3HIpgpi)@}_Iqbv1T''}0D1GXG_p={7iow,Gj%mdy`vS]@Eh(uJQ%&+$wkR51J'-,zRh(H8,4ms3MzY'UL![]@Eh(dfN)&+$wkROCUn]]@Eh(g`%*&+$wkR,sN~`]@Eh(*h-*&+$wkRZl]dDk}Rh(f'%i3u3MzYt&onGk}Rh({!5i3u3MzY1T~m-yIVv@VIv3Q!kDy.mUEht^@Eh(xmyS&+$wkR584(Tx5Kh(]kq5t,lVnY'F5Wo]@Eh([$E6&+$wkRN$Dx2-{x8=fRjcKj0R&TxJ'e?b.[h(iM1~et3MzYLkEX(!2[h(2~M,ft3MzYw7j.,^@Eh(P&6?&+$wkR&}ehv+6Ih(ptGgH,lVnY18Px4^@Eh(=U)A&+$wkRgq9s*,6Ih(4AimH,lVnY]o@6-T6Wh($3gY+u3MzYa{I(Zj2Rh(mJ2xqt3MzY-2%lA4UEh(Pn(D6+$wkR*tNBBx}Hh(^r@?.-lVnY_(+MHWuRh(N6w`At3MzYP^F['k!Sh(3+H^nt3MzYOoYhACzHh(eLoQ!,lVnY~unnFCzHh(Sv3V!,lVnYrx~@k^@Eh(i!)P&+$wkR6}p]m^@Eh(7[JP&+$wkR&6svo^@Eh(cHgS&+$wkR}@c4r^@Eh(?tpS&+$wkR1{2(w^@Eh(rC*T&+$wkR+lZqz^@Eh($HsW&+$wkRgY(.&_@Eh(-P&X&+$wkR+Wi{EIUFh(P3C&d+$wkRX]DrGIUFh(Y%{(d+$wkRw.8tHIUFh(T&H)d+$wkR6Ih$[^QKh(}?nvw,lVnYf7=IKZ_wk9eAu?'(kMI&&Wfp]^QKh(fJ6ww,lVnY6yV-ZhpQh(nxPEb!`@v*k-w6ceBSh(U
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE08307221881E2428983507D08B042D\Features]
"ClicktoDisc"="7y)eW8l7_eO9MkbIdFwUpR^pXI`Quoe8MkbIdFwUHBe_989vKlu8MkbIdFwUHBe_989vKl*9MkbIdFwU7y)eW8l7_e?9MkbIdFwUpR^pXI`Quou8MkbIdFwUpR^pXI`Quo*9MkbIdFwU53^pXAtQuou8MkbIdFwUj&^pX@{Quou8MkbIdFwUr$^pX.}Quou8MkbIdFwUv!^pXW}Quou8MkbIdFwU53^pXAtQuo*9MkbIdFwU^)^pX$zQuou8MkbIdFwUb(^pXMzQuou8MkbIdFwUv!^pXW}Quo*9MkbIdFwUn%^pXe{Quou8MkbIdFwUf'^pXrzQuou8MkbIdFwUr$^pX.}Quo*9MkbIdFwUn%^pXe{Quo*9MkbIdFwUj&^pX@{Quo*9MkbIdFwU8_IsYU6Oi(u8MkbIdFwUOy!sY(Vti(u8MkbIdFwUf'^pXrzQuo*9MkbIdFwUpQn_9%AlKlu8MkbIdFwUVOAsYKAXi(u8MkbIdFwUb(^pXMzQuo*9MkbIdFwU1-,sY3Oki(u8MkbIdFwU^)^pX$zQuo*9MkbIdFwUg6,sYGKki(u8MkbIdFwU8_IsYU6Oi(*9MkbIdFwUIcb_9gKzKlu8MkbIdFwUVOAsYKAXi(*9MkbIdFwU1-,sY3Oki(*9MkbIdFwU-'v_9xpcKlu8MkbIdFwUOy!sY(Vti(*9MkbIdFwU{3^rY&wBj(u8MkbIdFwUJG'`9U{UKlu8MkbIdFwUg6,sYGKki(*9MkbIdFwUYZc_9hlwKlu8MkbIdFwU{3^rY&wBj(*9MkbIdFwUpQn_9%AlKl*9MkbIdFwU6O&`90kVKlu8MkbIdFwUYZc_9hlwKl*9MkbIdFwUIcb_9g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.10411.0"="[8^t7$bqk9[ty^P_,I1C-7w644~F(=E2cI6H{hLrG+15*M~pv8,h$q'y!(4j5=w?*DIPh9m@Aza,.6n1CW$rbyIhE?{NIZzs%.v0w(HYt2lh&?wv~~v?^yWQ$UQDhcD%A9=LQYEvA8}-^e%st6)55?ZB@Rk}3SD)EJE$Sn`ry=09RA4xorGZRFIe4_)@$=lKBIW82NnY]VPN4VF+_98mCuCPZl}U^DCTeUIFO?%n0M*9bSCO@`z]*LI2FARvx)df$&vWvGH*-J%?k=$9]]tBRw5]]S)]zH!KU@U8Jp+LE-DKvs[aCGI7~9Z_]-@@WfR&}5Z9MrC__9LMAA6OZ@qNR,Y,9g?R5AyaF}i0]m%lYG?.gF88X@NxG4rn5a_w'dceM^oU$A!M0K[Msw2Nf_6b%PFSK@_{lK]DvS1,M[a`ayLI3?`8jJt9`(,_i6qwR=w9C?31cX*_F~h^C06=IVm1R9UBDkJZFqTQS~SmlyJ2A9NmSF(TZ]x,3g5_&$g$}?eQ82%cB^5v2C^2,YQy@@L-Vs+yFK.IFwhb%[OLc9r9p.[D-2yLDmA~r1,~L=lNFQ,rI.i&nnM=dBMoy?_X*uMIwxuy*-^Ho{)QX9D6)792w05-gr3S4~(+w8=TA~.6~*WR{?s-['zW*@K8Pgr,lUVtttTI7SfoZ=7QUc)gUQ*6%=X(g3=P)ALP{0SKGaUQd{j&SNZJ_9&9OH=fs,q)^69na,_4&?D5[NAxpP+A79N_Ypx.l9gy3Vm8%RE1,,jV(ck93?L+Uc`mNj27cL=PHTE9^A)}EeOR}f[_1_DvIXvrT9yi5^ix~?&4p+fRd9Fji@RInnv_hKO'{wr^z@Zn@?bSI?.kln
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20125.0"="[8^t7$bqk9[ty^P_,I1C-7w644~F(=E2cI6H{hLrG+15*M~pv8,h$q'y!(4j5=w?*DIPh9m@Aza,.6n1CW$rbyIhE?{NIZzs%.v0w(HYt2lh&?wv~~v?^yWQ$UQDhcD%A9=LQYEvA8}-^e%st6)55?ZB@Rk}3SD)EJE$Sn`ry=09RA4xorGZRFIe4_)@$=lKBIW82NnY]VPN4VF+_98mCuCPZl}U^DCTeUIFO?%n0M*9bSCO@`z]*LI2FARvx)df$&vWvGH*-J%?k=$9]]tBRw5]]S)]zH!KU@U8Jp+LE-DKvs[aCGI7~9Z_]-@@WfR&}5Z9MrC__9LMAA6OZ@qNR,Y,9g?R5AyaF}i0]m%lYG?.gF88X@NxG4rn5a_w'dceM^oU$A!M0K[Msw2Nf_6b%PFSK@_{lK]DvS1,M[a`ayLI3?`8jJt9`(,_i6qwR=w9C?31cX*_F~h^C06=IVm1R9UBDkJZFqTQS~SmlyJ2A9NmSF(TZ]x,3g5_&$g$}?eQ82%cB^5v2C^2,YQy@@L-Vs+yFK.IFwhb%[OLc9r9p.[D-2yLDmA~r1,~L=lNFQ,rI.i&nnM=dBMoy?_X*uMIwxuy*-^Ho{)QX9D6)792w05-gr3S4~(+w8=TA~.6~*WR{?s-['zW*@K8Pgr,lUVtttTI7SfoZ=7QUc)gUQ*6%=X(g3=P)ALP{0SKGaUQd{j&SNZJ_9&9OH=fs,q)^69na,_4&?D5[NAxpP+A79N_Ypx.l9gy3Vm8%RE1,,jV(ck93?L+Uc`mNj27cL=PHTE9^A)}EeOR}f[_1_DvIXvrT9yi5^ix~?&4p+fRd9Fji@RInnv_hKO'{wr^z@Zn@?bSI?.kln
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20513.0"="[8^t7$bqk9[ty^P_,I1C-7w644~F(=E2cI6H{hLrG+15*M~pv8,h$q'y!(4j5=w?*DIPh9m@Aza,.6n1CW$rbyIhE?{NIZzs%.v0w(HYt2lh&?wv~~v?^yWQ$UQDhcD%A9=LQYEvA8}-^e%st6)55?ZB@Rk}3SD)EJE$Sn`ry=09RA4xorGZRFIe4_)@$=lKBIW82NnY]VPN4VF+_98mCuCPZl}U^DCTeUIFO?%n0M*9bSCO@`z]*LI2FARvx)df$&vWvGH*-J%?k=$9]]tBRw5]]S)]zH!KU@U8Jp+LE-DKvs[aCGI7~9Z_]-@@WfR&}5Z9MrC__9LMAA6OZ@qNR,Y,9g?R5AyaF}i0]m%lYG?.gF88X@NxG4rn5a_w'dceM^oU$A!M0K[Msw2Nf_6b%PFSK@_{lK]DvS1,M[a`ayLI3?`8jJt9`(,_i6qwR=w9C?31cX*_F~h^C06=IVm1R9UBDkJZFqTQS~SmlyJ2A9NmSF(TZ]x,3g5_&$g$}?eQ82%cB^5v2C^2,YQy@@L-Vs+yFK.IFwhb%[OLc9r9p.[D-2yLDmA~r1,~L=lNFQ,rI.i&nnM=dBMoy?_X*uMIwxuy*-^Ho{)QX9D6)792w05-gr3S4~(+w8=TA~.6~*WR{?s-['zW*@K8Pgr,lUVtttTI7SfoZ=7QUc)gUQ*6%=X(g3=P)ALP{0SKGaUQd{j&SNZJ_9&9OH=fs,q)^69na,_4&?D5[NAxpP+A79N_Ypx.l9gy3Vm8%RE1,,jV(ck93?L+Uc`mNj27cL=PHTE9^A)}EeOR}f[_1_DvIXvrT9yi5^ix~?&4p+fRd9Fji@RInnv_hKO'{wr^z@Zn@?bSI?.kln
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\Features]
"Complete5.1.20913.0"="[8^t7$bqk9[ty^P_,I1C-7w644~F(=E2cI6H{hLrG+15*M~pv8,h$q'y!(4j5=w?*DIPh9m@Aza,.6n1CW$rbyIhE?{NIZzs%.v0w(HYt2lh&?wv~~v?^yWQ$UQDhcD%A9=LQYEvA8}-^e%st6)55?ZB@Rk}3SD)EJE$Sn`ry=09RA4xorGZRFIe4_)@$=lKBIW82NnY]VPN4VF+_98mCuCPZl}U^DCTeUIFO?%n0M*9bSCO@`z]*LI2FARvx)df$&vWvGH*-J%?k=$9]]tBRw5]]S)]zH!KU@U8Jp+LE-DKvs[aCGI7~9Z_]-@@WfR&}5Z9MrC__9LMAA6OZ@qNR,Y,9g?R5AyaF}i0]m%lYG?.gF88X@NxG4rn5a_w'dceM^oU$A!M0K[Msw2Nf_6b%PFSK@_{lK]DvS1,M[a`ayLI3?`8jJt9`(,_i6qwR=w9C?31cX*_F~h^C06=IVm1R9UBDkJZFqTQS~SmlyJ2A9NmSF(TZ]x,3g5_&$g$}?eQ82%cB^5v2C^2,YQy@@L-Vs+yFK.IFwhb%[OLc9r9p.[D-2yLDmA~r1,~L=lNFQ,rI.i&nnM=dBMoy?_X*uMIwxuy*-^Ho{)QX9D6)792w05-gr3S4~(+w8=TA~.6~*WR{?s-['zW*@K8Pgr,lUVtttTI7SfoZ=7QUc)gUQ*6%=X(g3=P)ALP{0SKGaUQd{j&SNZJ_9&9OH=fs,q)^69na,_4&?D5[NAxpP+A79N_Ypx.l9gy3Vm8%RE1,,jV(ck93?L+Uc`mNj27cL=PHTE9^A)}EeOR}f[_1_DvIXvrT9yi5^ix~?&4p+fRd9Fji@RInnv_hKO'{wr^z@Zn@?bSI?.kln
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"AVGmdBU (TrueType)"="AVGmdtV183.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\manifest.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{91120000-002F-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQAIABTAE8ARgBUAFcAQQBSAEUAIABMAEkAQwBFAE4AUwBFACAAVABFAFIATQBTAA0ACgAyADAAMAA3ACAATQBJAEMAUgBPAFMATwBGAFQAIABPAEYARgBJAEMARQAgAFMAWQBTAFQARQBNACAARABFAFMASwBUAE8AUAAgAEEAUABQAEwASQBDAEEAVABJAE8ATgAgAFMATwBGAFQAVwBBAFIARQANAAoAQgBlAGwAbwB3ACAAYQByAGUAIAB0AGgAcgBlAGUAIABzAGUAcABhAHIAYQB0AGUAIABzAGUAdABzACAAbwBmACAATABpAGMAZQBuAHMAZQAgAFQAZQByAG0AcwAuAKAAIABPAG4AbAB5ACAAbwBuAGUAIABzAGUAdAAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5AG8AdQAuAKAAIABUAG8AIABkAGUAdABlAHIAbQBpAG4AZQAgAHcAaABpAGMAaAAgAEwAaQBjAGUAbgBzAGUAIABUAGUAcgBtAHMAIABhAHAAcABsAHkAIAB0AG8AIAB5AG8AdQAgAGMAaABlAGMAawAgAHQAaABlACAAbABpAGMAZQBuAHMAZQAgAGQAZQBzAGkAZwBuAGEAdABpAG8AbgAgAHAAcgBpAG4AdABlAGQAIABlAGkAdABoAGUAcgAgAG8AbgAgAHkAbwB1AHIAIABwAHIAbwBkAHUAYwB0ACAAawBlAHkALAAgAG4AZQBhAHIAIAB0AGgAZQAgAHAAcgBvAGQAdQBjAHQAIABuAGEAbQBlACAAbwBuACAAeQBvAHUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAG8AZgAgAEEAdQB0AGgAZQBuAHQA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts]
"AVGmdBU (TrueType)"="AVGmdtV183.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object  consists of counters that describe the behavior of physical and virtual memory on the computer.  Physical memory is the amount of random access memory on the computer.  Virtual memory consists of the space in physical memory and on disk.  Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory.  Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\InprocServer32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\ProgID]
@="AVGRewards.AVGRewardsWorker.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}\VersionIndependentProgID]
@="AVGRewards.AVGRewardsWorker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AVGRewardsWorker.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{D5D3F69B-C202-42f3-AF22-61C1768CF002}]
@="AVG Rewards"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\15.3.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP\0000]
"Service"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP\0000]
"DeviceDesc"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTP\0000\Control]
"ActiveService"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
"ImagePath"="\??\C:\Windows\system32\drivers\avgtpx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
"DisplayName"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp\Instances]
"DefaultInstance"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp\Instances\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp\Enum]
"0"="Root\LEGACY_AVGTP\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater17.3.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTP\0000]
"Service"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTP\0000]
"DeviceDesc"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgtp]
"ImagePath"="\??\C:\Windows\system32\drivers\avgtpx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgtp]
"DisplayName"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgtp\Instances]
"DefaultInstance"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgtp\Instances\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater17.3.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP\0000]
"Service"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP\0000]
"DeviceDesc"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTP\0000\Control]
"ActiveService"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgtp]
"ImagePath"="\??\C:\Windows\system32\drivers\avgtpx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgtp]
"DisplayName"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgtp\Instances]
"DefaultInstance"="avgtp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgtp\Instances\avgtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgtp\Enum]
"0"="Root\LEGACY_AVGTP\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater17.3.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1693587206-1150818767-1700103013-1006\02fqumagntbo]
"DeviceId"="<Data><User username="02FQUMAGNTBO"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA2/uMYXJECEyR+EbpiEravwQAAAACAAAAAAAQZgAAAAEAACAAAABl4AEM/2j+c/jY9/9rTmop6rgJDG/W4O9glWw/v9G/qwAAAAAOgAAAAAIAACAAAABUGpvFD3bOjqYnU32oJeqci/HwppPLEWYZ4DZHEq3HaDAAAADrfmjfOpxI9Te6GiLDNOzNJhnBSBWe/3Rev7F05rIysI/yARzbeX8cW/0A+YTBADdAAAAAJ/FHojHwOtpCG7IycCr4gpgHtY+CB3PNluFqZCpmh9uRVjQODraAuu20QhAxZuhbGBQELTDyUoVLj3QzaW9O7w==</Pwd><Certificate targetname="WindowsLive:(cert):name=02fqumagntbo;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAOQB6AGIAYwBYADIAegBYAHAARQBpADYARgA2AFgAMABHAEYAZwA2AFQAUQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAVwBHAFkAaAB1ADMAMgBkAEQAZgBRAHIAagBNAEwA
[HKEY_USERS\S-1-5-21-1693587206-1150818767-1700103013-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File8"="C:\Users\(myname)\Pictures\avgfile.png"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1693587206-1150818767-1700103013-1006\02fqumagntbo]
"DeviceId"="<Data><User username="02FQUMAGNTBO"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA2/uMYXJECEyR+EbpiEravwQAAAACAAAAAAAQZgAAAAEAACAAAABl4AEM/2j+c/jY9/9rTmop6rgJDG/W4O9glWw/v9G/qwAAAAAOgAAAAAIAACAAAABUGpvFD3bOjqYnU32oJeqci/HwppPLEWYZ4DZHEq3HaDAAAADrfmjfOpxI9Te6GiLDNOzNJhnBSBWe/3Rev7F05rIysI/yARzbeX8cW/0A+YTBADdAAAAAJ/FHojHwOtpCG7IycCr4gpgHtY+CB3PNluFqZCpmh9uRVjQODraAuu20QhAxZuhbGBQELTDyUoVLj3QzaW9O7w==</Pwd><Certificate targetname="WindowsLive:(cert):name=02fqumagntbo;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAOQB6AGIAYwBYADIAegBYAHAARQBpADYARgA2AFgAMABHAEYAZwA2AFQAUQBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAVwBHAFkAaAB1ADMAMgBkAEQAZgBRAHIAagBNAEwA
 
-= EOF =-


#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 08 February 2014 - 03:35 PM

Hi,

 

See if running firefox in safe mode makes a difference.

 

Download Temp File Cleaner (TFC) - alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 w2t

w2t
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 25 February 2014 - 12:19 AM

Hi Toffee,

 

Sorry for the delayed response.

 

I seem to have fixed the problems with Firefox by deleting the old profile and creating a new one.  Then I just transferred all my bookmarks to it.  It's worked for two weeks now without a glitch.

 

Thank you for all of your suggestions and help.



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:42 PM

Posted 25 February 2014 - 11:25 AM

Hi,
 
Glad to hear that worked. You are welcome.
Just need to clean up the tools used with one more scan:
 
Download 51a5ce45263de-delfix.pngDelfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (non-applicable on XP)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users