Inline Hook Detected


  • This topic is locked
19 replies to this topic

#1 eyf21

  • Members
  • 16 posts

Posted 08 July 2014 - 11:37 AM

Hi,

The result of my AVG scan shows that my laptop has been infected by "";"Inline hook win32k.sys XLATEOBJ_hGetColorTransform+0x66FD -> 0xFFFFF95FF8A5F1FE, <unknown>";"Infected", and occasionally I do get a blue screen when restarting or turning on the laptop.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.51.2
Run by Irene at 0:27:41 on 2014-07-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1996.459 [GMT 8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51
mStart Page = hxxp://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51
mWinlogon: Userinit = userinit.exe
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Spotify Web Helper] "C:\Users\Irene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{44860DB0-CD22-45A9-A48E-F1B35FE6879C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{44860DB0-CD22-45A9-A48E-F1B35FE6879C}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{44860DB0-CD22-45A9-A48E-F1B35FE6879C}\B44455D27457563747 : DHCPNameServer = 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\vz07lppc.default-1397747501105\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Irene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-1 224896]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-25 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-25 427360]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-17 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-25 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-4 92008]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-3-3 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-3 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-7-8 23048]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-11-29 12252192]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-7-8 34848]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-29 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-7-8 23016]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2010-8-2 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2010-8-2 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2010-8-2 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2010-8-2 33792]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-3 329832]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
.
=============== Created Last 30 ================
.
2014-07-08 16:18:32    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{143D0AE6-3081-470D-B815-C94C246250C1}\mpengine.dll
2014-07-08 14:27:01    --------    d-----w-    C:\ProgramData\IObit
2014-07-08 14:23:04    --------    d-----w-    C:\Users\Irene\AppData\Roaming\IObit
2014-07-08 14:21:39    --------    d-----w-    C:\Program Files (x86)\IObit
2014-07-08 10:38:09    --------    d-----w-    C:\Users\Irene\AppData\Roaming\AVG2014
2014-07-08 10:37:58    --------    d-----w-    C:\Windows\SysWow64\%systemroot%
2014-07-08 10:37:10    --------    d--h--w-    C:\$AVG
2014-07-08 10:37:02    --------    d-----w-    C:\Windows\System32\%systemroot%
2014-07-08 10:31:28    --------    d-----w-    C:\Users\Irene\AppData\Local\Avg2014
2014-07-07 19:59:48    --------    d-----w-    C:\Windows\System32\%appdata%
2014-07-06 09:06:49    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-07-06 09:06:28    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-06 07:02:35    --------    d-----w-    C:\Users\Irene\AppData\Roaming\TuneUp Software
2014-07-06 07:01:10    --------    d-----w-    C:\ProgramData\AVG2014
2014-07-06 06:57:23    --------    d-----w-    C:\Users\Irene\AppData\Local\MFAData
2014-07-02 13:49:26    --------    d-----w-    C:\Users\Irene\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-28 04:26:43    --------    d-----w-    C:\Users\Irene\AppData\Roaming\PDAppFlex
2014-06-27 18:50:36    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2014-06-26 12:26:31    --------    d-----w-    C:\Users\Irene\AppData\Local\Nero_AG
2014-06-26 12:25:57    --------    d-----w-    C:\Users\Irene\AppData\Local\Nero
2014-06-17 08:21:34    235800    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 08:07:12    328984    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-06-17 08:06:58    269080    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 08:06:24    190744    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 08:06:22    242968    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 08:06:22    153368    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-06-17 08:06:20    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 08:06:06    31512    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-06-12 18:27:59    8011776    ----a-w-    C:\Program Files\Internet Explorer\F12Resources.dll
2014-06-12 18:26:59    359936    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2014-06-12 18:26:58    977408    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-12 18:26:58    293080    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2014-06-12 18:26:57    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-12 18:18:52    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-06-12 18:18:52    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-06-12 18:18:47    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-12 18:18:46    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-12 18:18:10    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-06-12 18:18:09    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-06-12 18:18:08    1389056    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-06-12 18:18:07    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2014-06-12 18:18:07    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-06-12 18:18:06    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-06-12 18:18:06    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2014-06-12 18:18:06    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-06-12 18:12:43    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-12 18:12:41    424448    ----a-w-    C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-07-06 09:06:36    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-07-06 09:06:35    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-06 09:06:35    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-06 09:06:35    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-06 09:06:35    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-07-06 09:06:34    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-14 16:41:29    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:41:29    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 16:41:11    17938608    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-11 00:07:17    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH:  0:31:58.13 ===============

 

Thanks!!
 

#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 July 2014 - 11:42 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double-click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 eyf21


Posted 09 July 2014 - 03:12 AM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-09 15:09:05
-----------------------------
15:09:05.295    OS Version: Windows x64 6.1.7601 Service Pack 1
15:09:05.296    Number of processors: 4 586 0x2A07
15:09:05.297    ComputerName: IRENE-HP  UserName: Irene
15:09:12.032    Initialize success
15:09:12.032    VM: initialized successfully
15:09:12.048    VM: Intel CPU BiosDisabled
15:09:25.266    VM: supported disk I/O iaStor.sys
15:09:31.443    AVAST engine defs: 14070801
15:10:03.096    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:10:03.096    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
15:10:03.470    Disk 0 MBR read successfully
15:10:03.470    Disk 0 MBR scan
15:10:03.548    Disk 0 Windows 7 default MBR code
15:10:03.579    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
15:10:03.611    Disk 0 default boot code
15:10:03.689    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       462653 MB offset 409600
15:10:03.751    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13983 MB offset 947922944
15:10:03.798    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
15:10:05.077    Disk 0 scanning C:\Windows\system32\drivers
15:11:38.045    Service scanning
15:13:49.948    Modules scanning
15:13:49.961    Disk 0 trace - called modules:
15:13:49.995    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:13:50.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800637a060]
15:13:50.012    3 CLASSPNP.SYS[fffff88001d1143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003b74050]
15:14:12.625    AVAST engine scan C:\Windows
15:14:43.920    AVAST engine scan C:\Windows\system32
15:28:06.280    AVAST engine scan C:\Windows\system32\drivers
15:28:38.195    AVAST engine scan C:\Users\Irene
15:41:21.130    AVAST engine scan C:\ProgramData
15:47:50.028    Scan finished successfully
16:11:22.798    Disk 0 MBR has been saved successfully to "C:\Users\Irene\Desktop\MBR.dat"
16:11:22.848    The log file has been saved successfully to "C:\Users\Irene\Desktop\aswMBR.txt"


Thank you and do let me know if I missed out anything.


Edited by eyf21, 09 July 2014 - 03:26 AM.


#4 TB-Psychotic


Posted 09 July 2014 - 03:50 PM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 eyf21


Posted 11 July 2014 - 06:29 AM

ComboFix 14-07-11.01 - Irene 11/07/2014  17:47:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1996.696 [GMT 8:00]
Running from: c:\users\Irene\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\YoutubeAdblocker
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aklekjbbjhdagapbkjaomlkkdmhifbmf\5.14\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aklekjbbjhdagapbkjaomlkkdmhifbmf\5.14\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aklekjbbjhdagapbkjaomlkkdmhifbmf\5.14\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aklekjbbjhdagapbkjaomlkkdmhifbmf\5.14\Who4Dec.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa\2.1\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa\2.1\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa\2.1\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa\2.1\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa\2.1\newtab.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnkfnnlipfhbemionbgdfghghoflfoa\2.1\rqCbpRbVe.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmadlepdmakbojfjlnnfgdkikdgfmkic
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmadlepdmakbojfjlnnfgdkikdgfmkic\5.14\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmadlepdmakbojfjlnnfgdkikdgfmkic\5.14\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmadlepdmakbojfjlnnfgdkikdgfmkic\5.14\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmadlepdmakbojfjlnnfgdkikdgfmkic\5.14\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmadlepdmakbojfjlnnfgdkikdgfmkic\5.14\xiWxN1Z.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\echbgneenmmopfpihmdiennckahndnbk
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\echbgneenmmopfpihmdiennckahndnbk\5.14\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\echbgneenmmopfpihmdiennckahndnbk\5.14\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\echbgneenmmopfpihmdiennckahndnbk\5.14\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\echbgneenmmopfpihmdiennckahndnbk\5.14\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\echbgneenmmopfpihmdiennckahndnbk\5.14\tvLi.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie\237\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie\237\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie\237\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie\237\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie\237\ZDSFsVditG2.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki\2.1\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki\2.1\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki\2.1\Lh53F6.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki\2.1\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki\2.1\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofiahgpdhkddbplnmmodhlgcblhmjki\2.1\newtab.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf\2.1\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf\2.1\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf\2.1\lqOmuR9G99.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf\2.1\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf\2.1\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgalenmpbgpmfnabljcpnegdohebkmpf\2.1\newtab.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl\2.1\AvWJDoZP.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl\2.1\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl\2.1\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl\2.1\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl\2.1\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhbcalaggmahbkclmnboglelagdfekl\2.1\newtab.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfnflgngjoddobehdibpbgdmhoiofb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfnflgngjoddobehdibpbgdmhoiofb\5.14\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfnflgngjoddobehdibpbgdmhoiofb\5.14\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfnflgngjoddobehdibpbgdmhoiofb\5.14\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfnflgngjoddobehdibpbgdmhoiofb\5.14\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfnflgngjoddobehdibpbgdmhoiofb\5.14\mYfia.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnkigbjacellmgkgaicplebihnalmk
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnkigbjacellmgkgaicplebihnalmk\5.14\background.html
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnkigbjacellmgkgaicplebihnalmk\5.14\content.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnkigbjacellmgkgaicplebihnalmk\5.14\iFJCpblY8wa.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnkigbjacellmgkgaicplebihnalmk\5.14\lsdb.js
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnkigbjacellmgkgaicplebihnalmk\5.14\manifest.json
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\000049.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\000052.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\000057.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\agpmpbmkmgkdohacflfadihjcfemgiej\MANIFEST-000056
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aklekjbbjhdagapbkjaomlkkdmhifbmf\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apnkfnnlipfhbemionbgdfghghoflfoa\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmadlepdmakbojfjlnnfgdkikdgfmkic\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\echbgneenmmopfpihmdiennckahndnbk\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fofiahgpdhkddbplnmmodhlgcblhmjki\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hgalenmpbgpmfnabljcpnegdohebkmpf\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhhbcalaggmahbkclmnboglelagdfekl\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjhfnflgngjoddobehdibpbgdmhoiofb\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\000045.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\000051.ldb
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\000056.log
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\CURRENT
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\LOCK
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\LOG
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\LOG.old
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nilnkigbjacellmgkgaicplebihnalmk\MANIFEST-000055
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agpmpbmkmgkdohacflfadihjcfemgiej_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agpmpbmkmgkdohacflfadihjcfemgiej_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aklekjbbjhdagapbkjaomlkkdmhifbmf_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aklekjbbjhdagapbkjaomlkkdmhifbmf_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apnkfnnlipfhbemionbgdfghghoflfoa_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apnkfnnlipfhbemionbgdfghghoflfoa_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmadlepdmakbojfjlnnfgdkikdgfmkic_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmadlepdmakbojfjlnnfgdkikdgfmkic_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_echbgneenmmopfpihmdiennckahndnbk_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_echbgneenmmopfpihmdiennckahndnbk_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flogpfmjdekjoilcnmmchanikomlidie_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flogpfmjdekjoilcnmmchanikomlidie_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fofiahgpdhkddbplnmmodhlgcblhmjki_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fofiahgpdhkddbplnmmodhlgcblhmjki_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgalenmpbgpmfnabljcpnegdohebkmpf_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgalenmpbgpmfnabljcpnegdohebkmpf_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhhbcalaggmahbkclmnboglelagdfekl_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhhbcalaggmahbkclmnboglelagdfekl_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjhfnflgngjoddobehdibpbgdmhoiofb_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjhfnflgngjoddobehdibpbgdmhoiofb_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nilnkigbjacellmgkgaicplebihnalmk_0.localstorage-journal
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nilnkigbjacellmgkgaicplebihnalmk_0.localstorage
c:\users\Irene\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcfg.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.1
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.2
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.3
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.4
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.5
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.6
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgdecider.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgdecider.log.lock
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpagent.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpagent.log.1
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpluascript.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgwdsvc.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\commonpriv.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-11 to 2014-07-11  )))))))))))))))))))))))))))))))
.
.
2014-07-11 10:00 . 2014-07-11 10:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-11 09:34 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{05AB6238-7026-4BFE-94D2-FC0E62509A89}\mpengine.dll
2014-07-11 09:28 . 2014-07-11 09:28    --------    d-----w-    c:\windows\system32\%LOCALAPPDATA%
2014-07-10 05:55 . 2014-07-10 09:55    --------    d-----w-    c:\users\Irene\AppData\Local\AVG Web TuneUp
2014-07-10 05:55 . 2014-07-10 09:52    --------    d-----w-    c:\programdata\AVG Security Toolbar
2014-07-10 05:55 . 2014-07-10 05:53    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-10 05:54 . 2014-07-10 05:54    --------    d-----w-    c:\programdata\AVG Secure Search
2014-07-10 05:54 . 2014-07-10 05:55    --------    d-----w-    c:\program files (x86)\Common Files\AVG Secure Search
2014-07-10 05:54 . 2014-07-10 05:55    --------    d-----w-    c:\programdata\AVG Web TuneUp
2014-07-10 05:53 . 2014-07-10 05:53    --------    d-----w-    c:\program files (x86)\AVG Web TuneUp
2014-07-09 14:16 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:16 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:16 . 2014-06-30 02:09    519168    ----a-w-    c:\windows\system32\aepdu.dll
2014-07-09 14:16 . 2014-06-30 02:04    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-07-09 14:14 . 2014-06-19 01:06    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-07-09 14:13 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-09 14:13 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-09 14:13 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-09 09:40 . 2014-07-09 09:40    11204096    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-08 14:21 . 2014-07-08 14:21    --------    d-----w-    c:\program files (x86)\IObit
2014-07-08 10:38 . 2014-07-08 10:38    --------    d-----w-    c:\users\Irene\AppData\Roaming\AVG2014
2014-07-08 10:37 . 2014-07-08 10:37    --------    d-----w-    c:\windows\SysWow64\%systemroot%
2014-07-08 10:37 . 2014-07-08 10:37    --------    d-----w-    C:\$AVG
2014-07-08 10:37 . 2014-07-08 10:37    --------    d-----w-    c:\windows\system32\%systemroot%
2014-07-08 10:31 . 2014-07-08 10:41    --------    d-----w-    c:\users\Irene\AppData\Local\Avg2014
2014-07-07 19:59 . 2014-07-07 19:59    --------    d-----w-    c:\windows\system32\%appdata%
2014-07-06 14:12 . 2014-07-06 14:12    --------    d-----w-    c:\program files\Google
2014-07-06 09:06 . 2014-07-06 09:06    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-06 09:06 . 2014-07-06 09:06    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-06 07:02 . 2014-07-06 07:02    --------    d-----w-    c:\users\Irene\AppData\Roaming\TuneUp Software
2014-07-06 07:01 . 2014-07-09 08:10    --------    d-----w-    c:\programdata\AVG2014
2014-07-06 06:57 . 2014-07-06 06:57    --------    d-----w-    c:\users\Irene\AppData\Local\MFAData
2014-07-02 13:49 . 2014-07-02 13:49    --------    d-----w-    c:\users\Irene\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-28 04:26 . 2014-06-28 04:26    --------    d-----w-    c:\users\Irene\AppData\Roaming\PDAppFlex
2014-06-27 18:50 . 2014-06-27 18:50    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2014-06-27 18:48 . 2014-06-27 18:50    --------    d-----w-    c:\program files\Adobe
2014-06-27 18:43 . 2014-06-27 18:50    --------    d-----w-    c:\program files\Common Files\Adobe
2014-06-26 12:25 . 2014-07-07 19:48    --------    d-----w-    c:\users\Irene\AppData\Local\Nero
2014-06-17 08:21 . 2014-06-17 08:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 08:07 . 2014-06-17 08:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 08:06 . 2014-06-17 08:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 08:06 . 2014-06-17 08:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 08:06 . 2014-06-17 08:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 08:06 . 2014-06-17 08:06    153368    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-17 08:06 . 2014-06-17 08:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 08:06 . 2014-06-17 08:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2014-06-12 18:18 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-12 18:18 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-12 18:18 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-12 18:18 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 18:18 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2014-06-12 18:18 . 2014-03-26 14:44    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-12 18:18 . 2014-03-26 14:27    1389056    ----a-w-    c:\windows\SysWow64\msxml6.dll
2014-06-12 18:18 . 2014-03-26 14:27    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-12 18:18 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2014-06-12 18:18 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2014-06-12 18:18 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-06-12 18:18 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 19:11 . 2011-05-24 13:43    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-09 09:41 . 2012-04-14 06:46    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 09:41 . 2011-06-02 14:02    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-06 09:07 . 2012-08-25 07:15    427360    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-06 09:06 . 2014-04-04 00:57    92008    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-07-06 09:06 . 2013-08-31 17:39    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-06 09:06 . 2013-08-31 17:39    224896    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-06 09:06 . 2012-08-25 07:20    1041168    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-06 09:06 . 2012-08-25 07:20    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-06 09:06 . 2012-08-25 07:15    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-06 09:06 . 2012-08-25 07:21    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}]
2012-07-09 00:09    263272    ----a-w-    c:\program files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll" [2012-07-09 287848]
.
[HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Spotify Web Helper"="c:\users\Irene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-13 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-17 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-06 4086432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-07-10 2575384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-19 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 04:29    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 13:30    1077576    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 09:41]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08 02:14]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08 02:14]
.
2014-07-03 c:\windows\Tasks\HPCeeScheduleForIRENE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 20:43]
.
2014-07-06 c:\windows\Tasks\HPCeeScheduleForIrene.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 20:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-06 09:06    634872    ----a-w-    c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-29 1424896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-06-24 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\vz07lppc.default-1397747501105\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\Xf3D.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0} - c:\progra~2\SN0310~1.BOO
AddRemove-{7DD5E91C-3864-77EC-7635-D14910C2A03E} - c:\programdata\savee Neit\ib0yyZkJel.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SNT\pmfRcXo.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-11  18:07:55
ComboFix-quarantined-files.txt  2014-07-11 10:07
.
Pre-Run: 130,163,666,944 bytes free
Post-Run: 133,276,839,936 bytes free
.
- - End Of File - - 0CF9C31EA00FB09F9A3C50B523DB5C5D
 



#6 TB-Psychotic

  • Malware Response Team

Posted 13 July 2014 - 12:32 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Proud Member of UNITE & TB
 

#7 TB-Psychotic

Posted 15 July 2014 - 07:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#8 TB-Psychotic

Posted 16 July 2014 - 03:27 AM

This topic has been re-opened at the request of the person who originally posted.

#9 eyf21

Posted 16 July 2014 - 06:30 AM

ComboFix 14-07-11.01 - Irene 15/07/2014  22:01:59.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1996.581 [GMT 8:00]
Running from: c:\users\Irene\Desktop\ComboFix.exe
Command switches used :: c:\users\Irene\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Claro LTD
c:\program files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroApp.dll
c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroEng.dll
c:\program files (x86)\Claro LTD\claro\1.6.4.1\clarosrv.exe
c:\program files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll
c:\program files (x86)\Claro LTD\claro\1.6.4.1\escortShld.dll
c:\program files (x86)\Claro LTD\claro\1.6.4.1\uninstall.exe
c:\program files (x86)\Claro LTD\claro\ClaroTB.xpi
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcfg.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcfg.log.lock
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgchjw.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgchjw.log.lock
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.lock
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpagent.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpagent.log.1
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpagent.log.lock
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpluascript.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgidpluascript.log.lock
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\avgwdsvc.log
c:\windows\SysWow64\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg2014\log\commonpriv.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-15 to 2014-07-15  )))))))))))))))))))))))))))))))
.
.
2014-07-15 14:14 . 2014-07-15 14:14    --------    d-----w-    c:\users\HomeGroupUser$\AppData\Local\temp
2014-07-15 14:14 . 2014-07-15 14:14    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-07-15 14:14 . 2014-07-15 14:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-15 14:14 . 2014-07-15 14:14    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-07-15 14:14 . 2014-07-13 20:12    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{55A3D189-FE07-402B-A467-B56442C34978}\mpengine.dll
2014-07-11 09:28 . 2014-07-11 09:28    --------    d-----w-    c:\windows\system32\%LOCALAPPDATA%
2014-07-10 05:55 . 2014-07-10 09:55    --------    d-----w-    c:\users\Irene\AppData\Local\AVG Web TuneUp
2014-07-10 05:55 . 2014-07-10 09:52    --------    d-----w-    c:\programdata\AVG Security Toolbar
2014-07-10 05:55 . 2014-07-10 05:53    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-10 05:54 . 2014-07-10 05:54    --------    d-----w-    c:\programdata\AVG Secure Search
2014-07-10 05:54 . 2014-07-10 05:55    --------    d-----w-    c:\program files (x86)\Common Files\AVG Secure Search
2014-07-10 05:54 . 2014-07-10 05:55    --------    d-----w-    c:\programdata\AVG Web TuneUp
2014-07-10 05:53 . 2014-07-10 05:53    --------    d-----w-    c:\program files (x86)\AVG Web TuneUp
2014-07-09 14:16 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:16 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:16 . 2014-06-30 02:09    519168    ----a-w-    c:\windows\system32\aepdu.dll
2014-07-09 14:16 . 2014-06-30 02:04    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-07-09 14:14 . 2014-06-19 01:06    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-07-09 14:13 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-09 14:13 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-09 14:13 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-09 09:40 . 2014-07-09 09:40    11204096    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-08 14:21 . 2014-07-08 14:21    --------    d-----w-    c:\program files (x86)\IObit
2014-07-08 10:38 . 2014-07-08 10:38    --------    d-----w-    c:\users\Irene\AppData\Roaming\AVG2014
2014-07-08 10:37 . 2014-07-08 10:37    --------    d-----w-    c:\windows\SysWow64\%systemroot%
2014-07-08 10:37 . 2014-07-08 10:37    --------    d-----w-    C:\$AVG
2014-07-08 10:37 . 2014-07-08 10:37    --------    d-----w-    c:\windows\system32\%systemroot%
2014-07-08 10:31 . 2014-07-08 10:41    --------    d-----w-    c:\users\Irene\AppData\Local\Avg2014
2014-07-07 19:59 . 2014-07-07 19:59    --------    d-----w-    c:\windows\system32\%appdata%
2014-07-06 14:12 . 2014-07-06 14:12    --------    d-----w-    c:\program files\Google
2014-07-06 09:06 . 2014-07-06 09:06    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-06 09:06 . 2014-07-06 09:06    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-06 07:02 . 2014-07-06 07:02    --------    d-----w-    c:\users\Irene\AppData\Roaming\TuneUp Software
2014-07-06 07:01 . 2014-07-09 08:10    --------    d-----w-    c:\programdata\AVG2014
2014-07-06 06:57 . 2014-07-06 06:57    --------    d-----w-    c:\users\Irene\AppData\Local\MFAData
2014-07-02 13:49 . 2014-07-02 13:49    --------    d-----w-    c:\users\Irene\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-28 04:26 . 2014-06-28 04:26    --------    d-----w-    c:\users\Irene\AppData\Roaming\PDAppFlex
2014-06-27 18:50 . 2014-06-27 18:50    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2014-06-27 18:48 . 2014-06-27 18:50    --------    d-----w-    c:\program files\Adobe
2014-06-27 18:43 . 2014-06-27 18:50    --------    d-----w-    c:\program files\Common Files\Adobe
2014-06-26 12:25 . 2014-07-07 19:48    --------    d-----w-    c:\users\Irene\AppData\Local\Nero
2014-06-17 08:21 . 2014-06-17 08:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 08:07 . 2014-06-17 08:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 08:06 . 2014-06-17 08:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 08:06 . 2014-06-17 08:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 08:06 . 2014-06-17 08:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 08:06 . 2014-06-17 08:06    153368    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-17 08:06 . 2014-06-17 08:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 08:06 . 2014-06-17 08:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 19:11 . 2011-05-24 13:43    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-09 09:41 . 2012-04-14 06:46    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 09:41 . 2011-06-02 14:02    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-06 09:07 . 2012-08-25 07:15    427360    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-06 09:06 . 2014-04-04 00:57    92008    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-07-06 09:06 . 2013-08-31 17:39    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-06 09:06 . 2013-08-31 17:39    224896    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-06 09:06 . 2012-08-25 07:20    1041168    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-06 09:06 . 2012-08-25 07:20    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-06 09:06 . 2012-08-25 07:15    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-06 09:06 . 2012-08-25 07:21    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-04-25 02:34 . 2014-06-12 18:18    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 18:18    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Spotify Web Helper"="c:\users\Irene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-13 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-17 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-06 4086432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-07-10 2575384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-19 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 04:29    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 13:30    1077576    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 09:41]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08 02:14]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08 02:14]
.
2014-07-03 c:\windows\Tasks\HPCeeScheduleForIRENE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 20:43]
.
2014-07-06 c:\windows\Tasks\HPCeeScheduleForIrene.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 20:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-06 09:06    634872    ----a-w-    c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16    2238976    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-29 1424896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-06-24 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\vz07lppc.default-1397747501105\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
AddRemove-claro - c:\program files (x86)\Claro LTD\claro\1.6.4.1\uninstall.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\Xf3D.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0} - c:\progra~2\SN0310~1.BOO
AddRemove-{7DD5E91C-3864-77EC-7635-D14910C2A03E} - c:\programdata\savee Neit\ib0yyZkJel.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SNT\pmfRcXo.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-15  22:17:59
ComboFix-quarantined-files.txt  2014-07-15 14:17
ComboFix2.txt  2014-07-11 10:07
.
Pre-Run: 133,520,953,344 bytes free
Post-Run: 133,044,346,880 bytes free
.
- - End Of File - - 3DD950C170E3A1B3C47AC26FE2D5F146
 

 

Malware

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/7/2014
Scan Time: 11:14:42 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.15.08
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Irene

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350664
Time Elapsed: 12 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Babylon.A, HKU\S-1-5-21-1274835307-2202535922-3919552617-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [3a9afda2d2a9d46255c1d281f9097c84],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, Quarantined, [f4e0693627546ccaa39d8e6dfe05bf41],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, Quarantined, [ede76f3094e791a5f95c1a00679dc13f],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}, Quarantined, [33a1c3dcbebd4fe7a86f229d8f73867a],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1274835307-2202535922-3919552617-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [6a6a504f92e9f54111df23e4798b2ed2],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1274835307-2202535922-3919552617-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [884c059a91ea4fe79b1752808c76c739],

Registry Values: 1
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1274835307-2202535922-3919552617-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [a430d8c71d5eef47d21f3bcc6a9a35cb]

Registry Data: 1
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51, Good: (www.google.com), Bad: (http://websearch.amaizingsearches.info/?pid=924&r=2014/04/12&hid=12354377340801722509&lg=EN&cc=MY&unqvl=51),Replaced,[e2f2fca3b1ca999dea0fcbcca064f808]

Folders: 9
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, Quarantined, [70646d3218633cfa9f3ec4df32d0cf31],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.MultiPlug.A, C:\ProgramData\save NeT, Quarantined, [cc082b743d3e44f28fb985279a68cb35],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\save NeT, Quarantined, [04d0bae5fb801224a2ad19939b67d22e],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\sAve neEt, Quarantined, [8a4a366924570d2994a9347c867ca957],
PUP.Optional.MultiPlug.A, C:\ProgramData\sAve neEt, Quarantined, [d103f0af2c4fd264b18d2f81679b0df3],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\LocalLow\BabylonToolbar, Quarantined, [755ff8a74b306fc703a24a6726dcbe42],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\LocalLow\BabylonToolbar\BabylonToolbar, Quarantined, [755ff8a74b306fc703a24a6726dcbe42],

Files: 19
PUP.Optional.Softonic.A, C:\Users\Irene\Downloads\SoftonicDownloader_for_luckywire.exe, Quarantined, [5b79b6e984f790a662173fe831d08e72],
PUP.Optional.Softonic.A, C:\Users\Irene\Downloads\SoftonicDownloader_for_vlc-media-player.exe, Quarantined, [c113534c09720e284e2b180f29d835cb],
PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker\Xf3D.dat, Quarantined, [70646d3218633cfa9f3ec4df32d0cf31],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabMaint.x, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\babylon48.png, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.html, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.js, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\browser_icon_babylon48.png, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\btns.png, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\cs.js, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\manifest.json, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.html, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.js, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.html, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.Babylon.A, C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.js, Quarantined, [61732f70e89344f2d894f6ae9072758b],
PUP.Optional.MultiPlug.A, C:\ProgramData\save NeT\pxR8hbiYY_.dat, Quarantined, [cc082b743d3e44f28fb985279a68cb35],
PUP.Optional.MultiPlug.A, C:\ProgramData\sAve neEt\HDBy.dat, Quarantined, [d103f0af2c4fd264b18d2f81679b0df3],

Physical Sectors: 0
(No malicious items detected)


(end)



#10 TB-Psychotic

  • Malware Response Team

Posted 18 July 2014 - 07:15 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#11 eyf21

  • Topic Starter

Posted 19 July 2014 - 12:39 AM

C:\Dota\FanSuNet.exe    Win32/GameHack.QJ potentially unsafe application
C:\Dota\w3l.exe    Win32/GameHack.QJ potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroApp.dll.vir    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroEng.dll.vir    probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.6.4.1\clarosrv.exe.vir    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll.vir    a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.6.4.1\escortShld.dll.vir    Win32/Toolbar.Funmoods potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll.vir    a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Users\Irene\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll    a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\Users\Irene\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll    a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Irene\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll    a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Irene\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll    a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Irene\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll    a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Irene\Documents\Downloads\Integrated_CT2776682.exe    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Irene\Downloads\spotydl_setup.exe    Win32/InstallMonetizer.AF potentially unwanted application
 



#12 myrti

  • Malware Study Hall Admin

Posted 20 July 2014 - 04:57 PM

Hi eyf21,

Marius is currently on holidays so I will be stepping in to help you. Are you still having any issues? There are no obvious signs of malware in your logs. Mostly it is toolbars and adware that are bundled with legit programs.

I see that you are running two antivirus programs (Avast and AVG) and four antispyware programs (Avast, AVG, IObit and Windows Defender). While it is OK to have several of the antispyware programs, the antivirus programs both have an on-access scanner and are hooked deeply into the system. It is quite likely that AVG is actually detecting Avast. The two running in parallel might also cause the blue screens. I would therefore recommend removing one of the two and seeing if the message continues to appear.

regards
myrti



#13 eyf21

  • Topic Starter

Posted 22 July 2014 - 07:47 AM

Hi myrti,

OK, I will remove one of the antivirus programs, but I do remember that some time ago, when I was using just one antivirus, I was already having the blue screen. I will uninstall and update you.

Another thing is, usually when I have this blue screen, the only way for me to make the laptop work is to run it in safe mode, and after a while I will restart the laptop; then the laptop won't be having the blue screen. Not too sure if this information helps.

Thanks again

#14 myrti

  • Malware Study Hall Admin

Posted 22 July 2014 - 07:52 AM

Hi,

Do you have the error message of the BSOD?

For me it doesn't look like you're infected right now. The logs you have provided are clean and the win32k.sys detection by AVG seems to be a common issue on non-infected machines.

regards
myrti



#15 eyf21

  • Topic Starter

Posted 24 July 2014 - 12:52 AM

Hi myrti,

Is there anywhere I could check the BSOD error message? Because upon restarting or turning on the laptop, it goes away too quickly, like a quick scan, and it goes to the safe mode options. Did I miss any steps, or could I do another scan? Sorry for insisting, it's just that the blue screen does appear a lot. I appreciate your help.



