
Exploit Fake Flash Player (type 1747)



#1 donjohn4


Posted 31 August 2014 - 05:23 AM

Hello, for the past 10 days I keep getting the Exploit Fake Flash Player (type 1747). This happens whenever I try using Facebook, Google, YouTube or Gmail. When I try accessing these sites, any page of the site won't load, immediately after which my AVG anti-virus will pop up with the Exploit Fake Flash Player (type 1747) notification. Mostly it occurs just for one of the 4 sites, although at times multiple sites won't work. As per my knowledge it happens only with these 4 sites.

 

Details of my Laptop:

Manufacturer: Dell

Model: N5110

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz

Installed memory (RAM): 4.00 GB

System type: 64-bit Operating System

Operating Systems: Dual-boot

Windows 7 Home Basic Service Pack 1 (Pre-installed at time of purchase)

Ubuntu (Don't remember which version as I use it 2-3 times a year)

Windows Firewall enabled

AVG AntiVirus Free Edition 2014

 

 

I have tried solving the problem on my own a couple of times. When I first came across the problem I figured it must be malware, so I ran a MalwareBytes Anti Malware scan on my laptop. Here are the results of the scan. I have quarantined everything that was detected.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25-08-2014
Scan Time: 08:27:03
Logfile: mbam 25-8-2014.txt
Administrator: No
 
Version: 2.00.2.1012
Malware Database: v2014.08.24.07
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Delwin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355242
Time Elapsed: 42 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.Babylon.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [145327a337441620a7397100a062ff01], 
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda, Quarantined, [ee793694e2993402c7a2737b3ac8837d], 
PUP.Optional.PCPerformer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, [2f3801c9720959dde848949af80c57a9], 
PUP.Optional.TornTV.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V7.0, Quarantined, [4e19bd0d43387cba077b28e9ff0433cd], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda, Quarantined, [2542a62409726acc0d5d579718eaa65a], 
PUP.Optional.VideoPerformer.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT LLC\Video Performer, Quarantined, [6bfc9b2f15662b0be77d42aeee147a86], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [c1a6ccfe0e6dce684dc90600d03354ac], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411901140}, Quarantined, [79eed6f40d6e65d145863ca862a217e9], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411901140}, Quarantined, [79eed6f40d6e65d145863ca862a217e9], 
 
Registry Values: 2
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Quarantined, [82e53793a9d2bb7b37ea334257abc040], 
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-4076033807-1738934085-3749268866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, ½¶stâ??FDG¨+xTë=p¶, Quarantined, [82e53793a9d2bb7b37ea334257abc040]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 12
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\userCode, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\icons, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\icons\actions, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\api, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\popupResource, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.SpecialSavings.A, C:\Users\Delwin\AppData\Roaming\SpecialSavings, Quarantined, [e1868f3b106bdc5aeee949879f6331cf], 
 
Files: 67
PUP.Optional.OpenCandy, C:\Users\Delwin\AppData\Roaming\PowerISO\Upgrade\PowerISO5-x64.exe, Quarantined, [dd8aa5256d0ef93dde1b12f164a149b7], 
PUP.Optional.Bundlore, C:\$RECYCLE.BIN\S-1-5-21-4076033807-1738934085-3749268866-1001\$RRX7FKV.exe, Quarantined, [184f676356255bdb8acac1e3b94bc53b], 
PUP.Optional.Firseria, C:\$RECYCLE.BIN\S-1-5-21-4076033807-1738934085-3749268866-1001\$RT5URDB.exe, Quarantined, [c99e1eacc1ba51e5372633d2df26cf31], 
PUP.Optional.Conduit.A, C:\Users\Delwin\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, Quarantined, [60074f7bfd7ea096472147a71ae8857b], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\background.html, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\crossriderManifest.json, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\manifest.json, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\popup.html, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\manifest.xml, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins.json, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\22_resources.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\1000020_analytics.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\1000025_analyticsFront.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\1000030_mz.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\175_coolmirage_m.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\177_crossriderDashboard.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\17_jQuery.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\182_openUrl.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\183_tabsWrapper.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\1_base.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\21_debug.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\28_initializer.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\47_resources_background.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\userCode\background.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\extensionData\userCode\extension.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\icons\icon128.png, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\icons\icon16.png, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\icons\icon48.png, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\icons\actions\1.png, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\background.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\main.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\platformVersion.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\api\chrome.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\api\cookie.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\api\message.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\api\pageAction.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\api\pageActionBG.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\app_api.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\bg_app_api.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\consts.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\cookie_store.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\crossriderAPI.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\delegate.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\events.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\extensionDataStore.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\installer.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\logFile.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\logging.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\onBGDocumentLoad.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\reports.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\storageWrapper.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\updateManager.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\util.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\xhr.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\popupResource\newPopup.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.CrossRider.A, C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\eikjfnpbaomplficjoennadfnacbmiaa\1.26.13_0\js\lib\popupResource\popup.js, Quarantined, [91d6dbef1467ef474124775352b0f60a], 
PUP.Optional.SpecialSavings.A, C:\Users\Delwin\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx, Quarantined, [e1868f3b106bdc5aeee949879f6331cf], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
After this the problem disappeared but returned in a few days. After that I performed an AVG AntiVirus Whole System scan. It did detect around 5-7 infected files, I guess, which I did delete. Unfortunately I couldn't find the report for that scan. Again the problem went away for 2 days and then returned, after which I tried resetting my wireless router, a Belkin N300 Surf. The problem again went away for a day, after which I tried uninstalling and reinstalling Adobe Flash Player. However, this didn't work either. I did a MalwareBytes scan as well as an AVG scan again today. MalwareBytes came back clean. AVG shows me a ton of notifications which it doesn't solve and 2 detections which I usually restore, since it's for my Android rooting and I've had it for months without giving rise to any issues in the past. Below are the results of my scans today and the DDS file that I read I was supposed to submit. Also, I have attached the Attach.txt file.
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31-08-2014
Scan Time: 11:24:40
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.31.01
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Delwin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345061
Time Elapsed: 1 hr, 24 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Whole Computer Scan
High severity;"2";"2";"0"
Notifications;"394";"0";"394"
Scanned folders:;"Scan Whole Computer"
Started:;"31-08-2014, 11:21:54"
Finished:;"31-08-2014, 14:27:10"
Scanned items:;"1572546"
Launched by:;"Delwin"
 
Name;"Description";"Status";"Status";"Priority"
C:\Users\Public\Documents\My Pictures\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\FAAD7D567E76CAB10704AFD7C0488F23.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG\AWL2012\TTUSvclrt.tt;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Template Data\tempdb.mdf;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\42355E8E232EF8CADD187D531DEC55DD.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\Prefetch\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\5FE81F25D4D51D8C38065E285F42F0BF.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\Logs\CBS\CBS.log;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\32C943873CC624333BD0BF2A77384240.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\C81ACF420917AA0F87487BC4D958BEB4.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\SysWOW64\Msdtc\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\451233ED13E097000776690B79D8D753.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Default\Documents\My Videos\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\LogFiles\WMI\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\Desktop\John2013_ITR1_PR8.xls;"Contains macros";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\OAlerts.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\A3C60C5E59327EB453EAA631B41AE407.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files (x86)\Google\CrashReports\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\Temp\vmware-SYSTEM\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\sysprep\Panther\setupact.log;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_0d707e34-22ba-47d2-8f40-10def20d3ded.zip;"Password-protected";"Notification";"Infected";"Message"
C:\System Volume Information\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\AppData\Local\History\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\41648FA3AF58F3ACA0843F25FC7B4D28.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\779E080B33F322115205BB50F1E0B8D1.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_fb282229-bf1b-47d2-b2c6-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\repository\OBJECTS.DATA;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\A7575F8DE31A912FFE91A7A41B1E382A.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\sysprep\Panther\IE\diagerr.xml;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\Desktop\Don\Android\DooMLoRD_v4_ROOT-zergRush-busybox-su (2)\files\zergRush;"Trojan horse Exploit_c.WPD";"Secured";"Healed";"High"
C:\WINDOWS\System32\wbem\AutoRecover\F019C9391A5436446565E5387F8D40F3.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\repository\MAPPING1.MAP;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Galileo 2.5\Gd 2.5\viewpoint0550.exe;"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\Logs\HomeGroup\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\0685DC0C8684127BE5DEFF585FDD8FEC.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\3FA3650B664BC96A8672EC85A7AE4225.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_9477990b-1bc4-47d2-9ecd-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_b0892301-ffec-47d2-bc04-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\PROCDB.XLAM;"Contains macros";"Notification";"Infected";"Message"
C:\Users\Delwin\Desktop\Don\Computer Books\Hacking\Ankit Fadia Hacking Books\Ankit Fadia Hacking Book Collections.exe;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_f372b7eb-2b15-47d2-b7ab-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\FUNCRES.XLAM;"Contains macros";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_6e7a5c9d-af34-47d2-9fb9-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_d799871c-0ace-47d2-a6e4-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\fp\swdir\localdata.mdb;"Contains macros";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS;"Contains macros";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_ff3387a1-c24f-47d2-bc04-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_c410cc1d-e1ac-47d2-abdd-29176b4be61b.zip;"Password-protected";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\Library\SOLVER\SOLVER.XLAM;"Contains macros";"Notification";"Infected";"Message"
C:\Users\Delwin\AppData\Roaming\PCDr\Update\Binaries\patch_dsc_642214to642622_64_03.exe;"The file is signed with a broken digital signature, issued by: PC-Doctor.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_0762b30d-765d-47d3-8fe9-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_37eba446-a9a6-47d2-b7af-661124984394.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_6c9042f1-824e-47d2-8911-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_4fce8cff-8aeb-47d2-b2bc-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_677a1471-2e7d-47d2-b7ab-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_788f02fb-784d-47d3-a28e-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\Users\Delwin\Desktop\Don\Android\DooMLoRD_v4_ROOT-zergRush-busybox-su (2).zip;"Trojan horse Exploit_c.WPD";"Secured";"Healed";"High"
C:\ProgramData\AVG2014\IDS\outbox\tmp_485c3508-db99-47d2-843b-191d7eb054bc.zip;"Password-protected";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_b68aa835-1964-47d2-9ecd-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\A851D3BCFCE697C24E7112D24AFBE9E3.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\DF2FB1F3C8DCD25B01FDE5A4697177CB.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\Desktop\Don\Softwares\Hard Disk Failure Detection and Data Recovery\CrystalDiskInfo6_0_1ShizukuUltimate-en.exe;"Excluded file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Backup.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\D1268853ACD6074F8748A58E20C039A9.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\ATPVBAEN.XLAM;"Contains macros";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_035b48fb-4376-47d3-91f6-6cc210173862.zip;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\716FDC254E211F547A560E1A71D0E6CA.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\FE978D9B7A5E71D84CFCDA0F2EFBDBF2.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\E43B6945ACF1515A895841AF9B9D052D.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\1033\EXPTOOWS.XLA;"Contains macros";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\ED8983DF8EB9B40D35CCEC0672B73C02.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\Templates\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\Minidump\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\repldata\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\17FFDF80330024B07853138CB5AFAD9C.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat{2c4b50a6-4e55-11e2-9436-642737ec9bda}.TMContainer00000000000000000002.regtrans-ms;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\MFAData\msistorg.dat;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_26b13979-4a0d-47d3-be18-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_2f54961b4c9f4194\dnary.xsd;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\MFAData\progupd.cfg;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\config\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_937246f0-8ba1-47d2-b2bc-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\E6195BA9E153534E5472835E2F29A5B0.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files (x86)\Microsoft Office\Office14\Library\EUROTOOL.XLAM;"Contains macros";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\807DD20ADF6F5D5EEA0C4E4CF016E69E.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\4C0E926A9CE540D516A8791F043EB9E8.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Default\PrintHood\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Application.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\JOBS\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\Desktop\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\844A429FB6680A32838047A6271F8CD9.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\AVG2014\IDS\outbox\tmp_041fd23b-2bea-47d2-b7ab-b56e71087229.zip;"Password-protected";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\D0F718F60C57DAA7F0D86AE75EADAEEC.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\Documents\My Pictures\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\iolo Applications.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\sysprep\Panther\IE\setuperr.log;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\Microsoft\Protect\Recovery\Recovery.dat{2c4b50a6-4e55-11e2-9436-642737ec9bda}.TM.blf;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Security.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\A87FD967E816CB9C37F3DDD9D2D5C42A.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\security\audit\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\C3A0BE17B37ACE48BE78B31580231AE9.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\AppCompat\Programs\RecentFileCache.bcf;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\restore\MachineGuid.txt;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Delwin\Documents\My Music\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\6F8564A71977AE6B940705DCC4847A8D.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\518C51C612F4AF81E609EC0D5CF027E1.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\97823DC673AD0F92AB9B83F4C177678B.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\AE7023598F41510BF261111652046301.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\7DF0EB3C2E6D82BFEA2F9230107D2E75.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\Users\Default\Documents\My Music\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\64B9CA5D02571C3A5D29106D06C491DC.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\ProgramData\Favorites\;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Authentication User Interface%4Operational.evtx;"Locked file. Not scanned.";"Notification";"Infected";"Message"
C:\WINDOWS\System32\wbem\AutoRecover\2216426EAF0A8D337949D4F3F58F8309.mof;"Locked file. Not scanned.";"Notification";"Infected";"Message"
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 11.20.2
Run by Delwin at 15:19:40 on 2014-08-31
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.4002.1665 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\windows\system32\BtwRSupportService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\SysWOW64\vmnat.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\windows\SysWOW64\vmnetdhcp.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Delwin\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=20765f6305d147d3ba59b56e71087229-4b3a9775203108b14857e5367a719a6bd4c632d6 /CMPID=1213b
uRun: [uTorrent] "C:\Users\Delwin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [GoogleChromeAutoLaunch_6085FF506555AAB5508346B53958FE3D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6D635A0A-A298-472C-8D83-C7EC04A75AE0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0}\12E64756C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0}\2656C6B696E6E233668336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0}\8545130323230253735303 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 173.252.110.27 facebook.com
Hosts: 74.125.236.102 google.com
Hosts: 206.190.36.45 yahoo.com
Hosts: 72.21.206.80 imdb.com
Hosts: 74.125.236.118 gmail.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-12-18 32544]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-4-14 55856]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 nvkflt;nvkflt;C:\windows\System32\drivers\nvkflt.sys [2013-12-18 300320]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-21 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-11 3244048]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-11 289328]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-2 2253016]
R2 Galileo SSL Tunnel;Galileo SSL Tunnel;C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe [2013-6-18 28672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-14 13336]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-8-2 65657]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2014-4-27 5093216]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-14 2655768]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-4-14 176096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-21 136000]
R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-21 406336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-10-31 11840000]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
S3 FACAP;facap, FastAccess Video Capture;C:\windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 FNETTBOH_305;FNETTBOH_305;C:\windows\System32\drivers\FNETTBOH_305.SYS [2013-10-3 32320]
S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2014-2-2 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2014-8-3 19152]
S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2014-8-3 12504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-4-14 250984]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\windows\System32\drivers\ss_bserd.sys [2009-9-19 128000]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-8-30 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 441504]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .reg: Regedit.Document=c:\Winnt\Regedit.exe %1
FileExt: .vbs: VBSFile=C:\windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2014-08-30 16:32:49 -------- d-----w- C:\Users\Delwin\AppData\Local\Adobe
2014-08-30 12:48:39 6574592 ----a-w- C:\windows\System32\mstscax.dll
2014-08-30 12:48:39 5694464 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-08-30 12:07:30 -------- d-----w- C:\windows\SysWow64\NV
2014-08-30 12:07:30 -------- d-----w- C:\windows\System32\NV
2014-08-30 11:55:58 855552 ----a-w- C:\windows\SysWow64\rdvidcrl.dll
2014-08-30 11:55:58 1057280 ----a-w- C:\windows\System32\rdvidcrl.dll
2014-08-30 11:12:47 1030144 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-08-30 11:12:46 792576 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-08-30 05:30:27 699568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 05:30:26 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-30 05:08:01 1643520 ----a-w- C:\windows\System32\DWrite.dll
2014-08-30 05:08:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2014-08-30 04:48:40 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-29 05:31:04 -------- d-----w- C:\Users\Delwin\AppData\Roaming\stetic
2014-08-29 05:30:36 -------- d-----w- C:\Users\Delwin\AppData\Roaming\MonoDevelop-Unity-4.0
2014-08-29 05:30:03 -------- d-----w- C:\Users\Delwin\AppData\Local\MonoDevelop-Unity-4.0
2014-08-27 17:27:51 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-27 17:27:51 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-27 17:27:51 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-25 02:45:10 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-25 02:44:34 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-25 02:44:34 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-25 02:44:33 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-25 02:44:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 14:25:29 -------- d-----w- C:\Users\Delwin\AppData\Local\Apple Computer
2014-08-24 14:25:20 -------- d-----w- C:\ProgramData\Unity
2014-08-24 14:00:35 -------- d-----w- C:\Program Files (x86)\Unity
2014-08-17 04:06:36 -------- d-----w- C:\Users\Delwin\AppData\Local\Microsoft_Corporation
2014-08-13 15:39:49 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-13 15:39:49 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-13 15:39:48 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-13 15:39:48 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-13 15:39:46 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-13 15:39:46 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-13 15:38:53 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 15:38:52 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-13 00:51:24 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-08-13 00:51:24 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-08-13 00:51:24 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-08-13 00:51:24 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-08-13 00:26:12 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-13 00:26:12 2048 ----a-w- C:\windows\System32\tzres.dll
2014-08-13 00:25:28 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-13 00:25:28 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-13 00:25:27 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-13 00:25:27 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-13 00:25:27 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-13 00:25:27 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-13 00:25:27 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-13 00:25:06 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-13 00:19:54 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-13 00:19:54 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-13 00:16:20 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-13 00:16:19 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-03 16:01:01 3050808 ----a-w- C:\windows\System32\pwNative.exe
2014-08-03 16:01:01 19152 ------w- C:\windows\System32\pwdrvio.sys
2014-08-03 16:01:00 12504 ------w- C:\windows\System32\pwdspio.sys
2014-08-03 16:00:52 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-08-02 15:42:41 -------- d-----w- C:\ProgramData\Motorola
2014-08-02 15:32:45 -------- d-----w- C:\Users\Delwin\AppData\Roaming\Motorola Mobility
2014-08-02 15:31:53 -------- d-----w- C:\Program Files (x86)\Motorola Mobility
2014-08-02 15:31:53 -------- d-----w- C:\Program Files (x86)\Motorola
2014-08-02 15:29:52 -------- d-----w- C:\Program Files\Motorola Mobility LLC
2014-08-02 15:29:49 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2014-08-02 15:27:26 -------- d-----w- C:\Users\Delwin\AppData\Roaming\Motorola
2014-08-01 17:39:09 -------- d-----w- C:\Python27
2014-08-01 11:33:54 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-08-01 11:33:29 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-08-01 11:33:29 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-01 11:32:06 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-08-01 11:32:06 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-01 11:32:06 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-01 11:32:06 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-22 03:23:25 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-30 10:38:50 3009536 ----a-w- C:\windows\System32\python27.dll
2014-06-30 07:13:02 152344 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-17 10:51:34 235800 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2014-06-17 10:37:12 328984 ----a-w- C:\windows\System32\drivers\avgloga.sys
2014-06-17 10:36:58 269080 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-06-17 10:36:24 190744 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2014-06-17 10:36:22 242968 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-06-17 10:36:20 123672 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-06-17 10:36:06 31512 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 15:20:15.14 ===============
 
 
I am sorry if I have provided too many or unnecessary details but I had read to give as many details as possible. I don't know what else to do. Any advice would be appreciated.

 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot



Posted 05 September 2014 - 05:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546368 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 donjohn4

donjohn4
  • Topic Starter


Posted 06 September 2014 - 01:41 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 11.20.2
Run by Delwin at 12:01:43 on 2014-09-06
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.4002.1160 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\BtwRSupportService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\SysWOW64\vmnat.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\windows\SysWOW64\mmc.exe
C:\Program Files (x86)\Android\android-sdk\platform-tools\adb.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Delwin\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=20765f6305d147d3ba59b56e71087229-4b3a9775203108b14857e5367a719a6bd4c632d6 /CMPID=1213b
uRun: [uTorrent] "C:\Users\Delwin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [GoogleChromeAutoLaunch_6085FF506555AAB5508346B53958FE3D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6D635A0A-A298-472C-8D83-C7EC04A75AE0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0}\12E64756C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0}\2656C6B696E6E233668336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C470B090-2985-44E8-9990-EC11491BD9E0}\8545130323230253735303 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 173.252.110.27 facebook.com
Hosts: 74.125.236.102 google.com
Hosts: 206.190.36.45 yahoo.com
Hosts: 72.21.206.80 imdb.com
Hosts: 74.125.236.118 gmail.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-12-18 32544]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-4-14 55856]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 nvkflt;nvkflt;C:\windows\System32\drivers\nvkflt.sys [2013-12-18 300320]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-21 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-2 2253016]
R2 Galileo SSL Tunnel;Galileo SSL Tunnel;C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe [2013-6-18 28672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-14 13336]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-4-14 176096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-21 136000]
R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-21 406336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
S3 FACAP;facap, FastAccess Video Capture;C:\windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 FNETTBOH_305;FNETTBOH_305;C:\windows\System32\drivers\FNETTBOH_305.SYS [2013-10-3 32320]
S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2014-2-2 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2014-8-3 19152]
S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2014-8-3 12504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-4-14 250984]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\windows\System32\drivers\ss_bserd.sys [2009-9-19 128000]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-8-30 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
.
=============== File Associations ===============
.
FileExt: .reg: Regedit.Document=c:\Winnt\Regedit.exe %1
FileExt: .vbs: VBSFile=C:\windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2014-09-02 17:59:32 -------- d-----w- C:\Repositories
2014-09-02 17:59:32 -------- d-----w- C:\Program Files (x86)\VisualSVN Server
2014-09-02 17:38:19 -------- d-----w- C:\Users\Delwin\AppData\Local\GitEye
2014-09-02 17:38:09 -------- d-----w- C:\Users\Delwin\.giteye
2014-09-02 16:09:33 -------- d-----w- C:\Users\Delwin\AppData\Roaming\TortoiseSVN
2014-09-02 16:09:33 -------- d-----w- C:\Users\Delwin\AppData\Local\TortoiseSVN
2014-09-02 03:09:03 -------- d-----w- C:\Users\Delwin\AppData\Roaming\Subversion
2014-09-02 03:09:03 -------- d-----w- C:\Users\Delwin\AppData\Local\TSVNCache
2014-09-01 17:07:00 -------- d-----w- C:\Program Files\TortoiseSVN
2014-09-01 17:07:00 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2014-09-01 17:07:00 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2014-08-30 16:32:49 -------- d-----w- C:\Users\Delwin\AppData\Local\Adobe
2014-08-30 12:48:39 6574592 ----a-w- C:\windows\System32\mstscax.dll
2014-08-30 12:48:39 5694464 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-08-30 12:07:30 -------- d-----w- C:\windows\SysWow64\NV
2014-08-30 12:07:30 -------- d-----w- C:\windows\System32\NV
2014-08-30 11:55:58 855552 ----a-w- C:\windows\SysWow64\rdvidcrl.dll
2014-08-30 11:55:58 1057280 ----a-w- C:\windows\System32\rdvidcrl.dll
2014-08-30 11:12:47 1030144 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-08-30 11:12:46 792576 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-08-30 05:30:27 699568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 05:30:26 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-30 05:08:01 1643520 ----a-w- C:\windows\System32\DWrite.dll
2014-08-30 05:08:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2014-08-30 04:48:40 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-29 05:31:04 -------- d-----w- C:\Users\Delwin\AppData\Roaming\stetic
2014-08-29 05:30:36 -------- d-----w- C:\Users\Delwin\AppData\Roaming\MonoDevelop-Unity-4.0
2014-08-29 05:30:03 -------- d-----w- C:\Users\Delwin\AppData\Local\MonoDevelop-Unity-4.0
2014-08-27 17:27:51 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-27 17:27:51 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-27 17:27:51 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-25 02:45:10 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-25 02:44:34 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-25 02:44:34 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-25 02:44:33 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-25 02:44:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 14:25:29 -------- d-----w- C:\Users\Delwin\AppData\Local\Apple Computer
2014-08-24 14:25:20 -------- d-----w- C:\ProgramData\Unity
2014-08-24 14:00:35 -------- d-----w- C:\Program Files (x86)\Unity
2014-08-17 04:06:36 -------- d-----w- C:\Users\Delwin\AppData\Local\Microsoft_Corporation
2014-08-13 15:39:49 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-13 15:39:49 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-13 15:39:48 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-13 15:39:48 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-13 15:39:46 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-13 15:39:46 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-13 15:38:53 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 15:38:52 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-13 00:51:24 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-08-13 00:51:24 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-08-13 00:51:24 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-08-13 00:51:24 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-08-13 00:26:12 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-13 00:26:12 2048 ----a-w- C:\windows\System32\tzres.dll
2014-08-13 00:25:28 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-13 00:25:28 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-13 00:25:27 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-13 00:25:27 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-13 00:25:27 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-13 00:25:27 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-13 00:25:27 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-13 00:25:06 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-13 00:19:54 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-13 00:19:54 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-13 00:16:20 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-13 00:16:19 424448 ----a-w- C:\windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-08-22 03:23:25 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-08-06 05:20:04 123672 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-21 15:33:12 244504 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-06-30 10:38:50 3009536 ----a-w- C:\windows\System32\python27.dll
2014-06-30 07:13:02 152344 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-17 10:51:34 235800 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2014-06-17 10:37:12 328984 ----a-w- C:\windows\System32\drivers\avgloga.sys
2014-06-17 10:36:58 269080 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-06-17 10:36:24 190744 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2014-06-17 10:36:06 31512 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 12:04:16.26 ===============
 
 
I do have my original Windows CD; however, some of the characters from the product key on the sticker have faded, so I'm not completely sure whether I'll be able to guess it correctly. So I'd prefer to keep re-installing Windows as the final alternative.


#4 nasdaq


Posted 06 September 2014 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 donjohn4


Posted 06 September 2014 - 11:36 PM

Results from the AdwCleaner scan

 

AdwCleaner[R0]

 

# AdwCleaner v3.309 - Report created 07/09/2014 at 09:32:50
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
# Username : Delwin - DELWIN-PC
# Running from : C:\Users\Delwin\Downloads\adwcleaner_3.309.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Delwin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Found : C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Found : C:\windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\AmiExt
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\file scout
Folder Found : C:\Program Files (x86)\SmartTweak
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\DSearchLink
Folder Found : C:\ProgramData\torchcrashhandler
Folder Found : C:\ProgramData\Windows Genuine Advantage
Folder Found : C:\Users\Delwin\AppData\Local\Bundled software uninstaller
Folder Found : C:\Users\Delwin\AppData\Local\Conduit
Folder Found : C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Folder Found : C:\Users\Delwin\AppData\Local\torch
Folder Found : C:\Users\Delwin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Found : C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found : C:\Users\Delwin\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Delwin\AppData\Roaming\StatusWinks
Folder Found : C:\Users\Delwin\AppData\Roaming\Systweak
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AmiExt
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\AmiExt
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\performersoft llc
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\5808fdab63ebf43
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902240}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906640}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Found : HKLM\SOFTWARE\Lightspark Team
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dosbox_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dosbox_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_unrar-extract-and-recover_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_unrar-extract-and-recover_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visual-basic_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visual-basic_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Found : HKLM\SOFTWARE\SafetyNut
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\torch
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902240}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906640}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : aaaaimdcedbpbcjjbbnfcbbjcngmomic
Found [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Found [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Found [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Found [Extension] : feocblgcojafilfbgoineopkngchgaei
Found [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Found [Extension] : kiplfnciaokpcennlkldkdaeaaomamof
 
*************************
 
AdwCleaner[R0].txt - [9019 octets] - [07/09/2014 09:32:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9079 octets] ##########
 
Log file after cleaning
 
AdwCleaner[S0]
 
# AdwCleaner v3.309 - Report created 07/09/2014 at 09:40:03
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
# Username : Delwin - DELWIN-PC
# Running from : C:\Users\Delwin\Downloads\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\Windows Genuine Advantage
Folder Deleted : C:\Program Files (x86)\AmiExt
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\SmartTweak
Folder Deleted : C:\Users\Delwin\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Delwin\AppData\Local\Conduit
Folder Deleted : C:\Users\Delwin\AppData\Local\torch
Folder Deleted : C:\Users\Delwin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Delwin\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Delwin\AppData\Roaming\StatusWinks
Folder Deleted : C:\Users\Delwin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Deleted : C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Delwin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKLM\SOFTWARE\5808fdab63ebf43
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dosbox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dosbox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_unrar-extract-and-recover_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_unrar-extract-and-recover_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visual-basic_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visual-basic_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902240}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906640}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902240}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906640}
Key Deleted : HKCU\Software\AmiExt
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\Lightspark Team
Key Deleted : HKLM\SOFTWARE\SafetyNut
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : aaaaimdcedbpbcjjbbnfcbbjcngmomic
Deleted [Extension] : aidbbndgjnlaclnmhkdimcdjiebjpdel
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : feocblgcojafilfbgoineopkngchgaei
Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
Deleted [Extension] : kiplfnciaokpcennlkldkdaeaaomamof
 
*************************
 
AdwCleaner[R0].txt - [9267 octets] - [07/09/2014 09:32:50]
AdwCleaner[S0].txt - [8894 octets] - [07/09/2014 09:40:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8954 octets] ##########
 
Log files from Farbar Recovery Scan Tool (64 bit)

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by Delwin (administrator) on DELWIN-PC on 07-09-2014 09:51:36
Running from C:\Users\Delwin\Downloads
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\WINDOWS\System32\BtwRSupportService.exe
(Galileo International) C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103576 2012-10-31] (VMware, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Run: [] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Delwin\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=20765f6305d147d3ba59b56e71087229-4b3a9775203108b14857e5367a719a6bd4c632d6 /CMPID=1213b
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Run: [uTorrent] => C:\Users\Delwin\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Run: [GoogleChromeAutoLaunch_6085FF506555AAB5508346B53958FE3D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\MountPoints2: {0946f9b1-36db-11e2-850a-642737ec9bda} - G:\Startme.exe
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\MountPoints2: {4d153bf7-385c-11e2-85b1-642737ec9bda} - G:\Startme.exe
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\MountPoints2: {b796f402-8b26-11e3-aaab-642737ec9bda} - E:\Startme.exe
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\MountPoints2: {e5ed5f86-285b-11e3-9299-642737ec9bda} - "G:\WD SmartWare.exe" autoplay=true
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs: , C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKCU - {E0AA544C-8391-4358-BBA0-E228A26D4C2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Delwin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> A8F246A86A65191E18012F798E452372A9FBBBD45E1D441D4CA3FCC1372F3C06
CHR Profile: C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-20]
CHR Extension: (Google Search) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-20]
CHR Extension: (Chromebleed) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-14]
CHR Extension: (Rapportive) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2013-02-15]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-08-02]
CHR Extension: (Google Wallet) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Delwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-20]
CHR HKLM-x32\...\Chrome\Extension: [gcnclcnoadfbhlijffnlahjnegijcbnn] - C:\Users\Delwin\AppData\Roaming\jmp3.crx [2013-01-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)
R2 Galileo SSL Tunnel; C:\Program Files (x86)\Galileo\SSL\SSLClientService.exe [28672 2013-06-18] (Galileo International) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36664 2013-01-31] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [30008 2013-01-31] (AVG)
R2 VisualSVNServer; C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [24208 2014-08-11] (Apache Software Foundation)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79360 2012-10-31] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11840000 2012-10-31] () [File not signed]
S3 vrepocfgsvc; C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe [122000 2014-08-11] (VisualSVN Ltd.)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-10-03] (FNet Co., Ltd.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 09:51 - 2014-09-07 09:52 - 00024134 _____ () C:\Users\Delwin\Downloads\FRST.txt
2014-09-07 09:51 - 2014-09-07 09:51 - 00000000 ____D () C:\FRST
2014-09-07 09:42 - 2014-09-07 09:42 - 00000306 _____ () C:\windows\PFRO.log
2014-09-07 09:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-07 09:31 - 2014-09-07 09:41 - 00000000 ____D () C:\AdwCleaner
2014-09-06 22:37 - 2014-09-06 22:38 - 02104832 _____ (Farbar) C:\Users\Delwin\Downloads\FRST64.exe
2014-09-06 22:37 - 2014-09-06 22:38 - 01370467 _____ () C:\Users\Delwin\Downloads\adwcleaner_3.309.exe
2014-09-02 23:29 - 2014-09-05 00:39 - 00000000 ____D () C:\Repositories
2014-09-02 23:29 - 2014-09-02 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualSVN
2014-09-02 23:29 - 2014-09-02 23:29 - 00000000 ____D () C:\Program Files (x86)\VisualSVN Server
2014-09-02 23:26 - 2014-09-02 23:27 - 04595712 _____ () C:\Users\Delwin\Downloads\VisualSVN-Server-2.7.8.msi
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Delwin\AppData\Local\GitEye
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Delwin\.giteye
2014-09-02 22:14 - 2014-09-02 22:15 - 05035664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-02 21:39 - 2014-09-03 00:10 - 00000000 ____D () C:\Users\Delwin\AppData\Local\TortoiseSVN
2014-09-02 21:39 - 2014-09-02 23:51 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\TortoiseSVN
2014-09-02 08:39 - 2014-09-02 08:39 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\Subversion
2014-09-02 08:39 - 2014-09-02 08:39 - 00000000 ____D () C:\Users\Delwin\AppData\Local\TSVNCache
2014-09-01 22:37 - 2014-09-01 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2014-09-01 22:37 - 2014-09-01 22:37 - 00000000 ____D () C:\Program Files\TortoiseSVN
2014-09-01 22:37 - 2014-09-01 22:37 - 00000000 ____D () C:\Program Files\Common Files\TortoiseOverlays
2014-08-31 21:34 - 2014-08-31 21:34 - 00000062 _____ () C:\Users\Delwin\Downloads\link
2014-08-31 17:18 - 2014-09-07 09:42 - 00000168 _____ () C:\windows\setupact.log
2014-08-31 17:18 - 2014-08-31 17:18 - 00000000 _____ () C:\windows\setuperr.log
2014-08-31 16:51 - 2014-08-31 16:55 - 19415040 _____ () C:\Users\Delwin\Downloads\TortoiseSVN-1.8.8.25755-x64-svn-1.8.10.msi
2014-08-31 15:31 - 2014-08-31 15:31 - 00110664 _____ () C:\Users\Delwin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 15:19 - 2014-08-31 15:19 - 00688992 ____R (Swearware) C:\Users\Delwin\Downloads\dds.com
2014-08-30 22:02 - 2014-08-31 13:30 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Adobe
2014-08-30 18:18 - 2014-01-09 07:52 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-08-30 18:18 - 2014-01-04 04:14 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-08-30 17:37 - 2014-08-30 17:37 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-08-30 17:37 - 2014-08-30 17:37 - 00000000 ____D () C:\windows\system32\NV
2014-08-30 17:26 - 2013-10-02 07:52 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-08-30 17:26 - 2013-10-02 07:41 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-30 17:26 - 2013-10-02 07:38 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-30 17:26 - 2013-10-02 07:18 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-08-30 17:26 - 2013-10-02 07:18 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-08-30 17:26 - 2013-10-02 06:59 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-08-30 17:26 - 2013-10-02 06:40 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-08-30 17:26 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-08-30 17:26 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-08-30 17:26 - 2013-10-02 05:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-08-30 17:26 - 2013-10-02 05:31 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-08-30 17:26 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-08-30 17:26 - 2013-10-02 05:01 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-08-30 17:26 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-08-30 17:25 - 2013-10-02 05:45 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-08-30 17:25 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-08-30 16:42 - 2013-09-25 07:53 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-08-30 16:42 - 2013-09-25 07:27 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-08-30 11:00 - 2014-09-07 09:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 11:00 - 2014-08-30 11:00 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-30 11:00 - 2014-08-30 11:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 11:00 - 2014-08-30 11:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-30 10:53 - 2014-08-22 08:53 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-08-30 10:38 - 2013-04-10 05:04 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-08-30 10:38 - 2013-04-03 04:21 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-08-30 10:25 - 2014-08-30 10:37 - 31013800 _____ (Oracle Corporation) C:\Users\Delwin\Downloads\jre-7u67-windows-x64.exe
2014-08-30 10:18 - 2014-08-22 08:48 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-30 10:18 - 2014-08-22 08:47 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-30 10:18 - 2014-08-22 08:47 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-29 13:18 - 2014-09-04 08:44 - 00000000 ____D () C:\Users\Delwin\Desktop\Web Site
2014-08-29 11:47 - 2014-08-29 12:16 - 200278016 _____ () C:\Users\Delwin\Downloads\gparted-live-0.19.1-1-i486.iso
2014-08-29 11:01 - 2014-08-29 11:01 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\stetic
2014-08-29 11:00 - 2014-08-29 11:00 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\MonoDevelop-Unity-4.0
2014-08-29 11:00 - 2014-08-29 11:00 - 00000000 ____D () C:\Users\Delwin\AppData\Local\MonoDevelop-Unity-4.0
2014-08-27 22:57 - 2014-08-23 07:37 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 22:57 - 2014-08-23 07:15 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 22:57 - 2014-08-23 06:29 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 23:50 - 2014-08-26 23:50 - 00000998 _____ () C:\Users\Delwin\Downloads\New Text Document.txt
2014-08-26 15:53 - 2014-08-28 20:49 - 00000000 ____D () C:\Users\Delwin\Desktop\Demo Derby Project
2014-08-25 17:17 - 2014-08-29 11:48 - 00000000 ____D () C:\Users\Delwin\Desktop\PD
2014-08-25 08:15 - 2014-08-31 11:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 08:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-25 08:14 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-25 08:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-24 19:55 - 2014-09-03 00:01 - 00000000 ____D () C:\ProgramData\Unity
2014-08-24 19:55 - 2014-08-24 19:55 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\Apple Computer
2014-08-24 19:55 - 2014-08-24 19:55 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Apple Computer
2014-08-24 19:54 - 2014-08-24 19:54 - 00000231 _____ () C:\Users\Delwin\BullseyeCoverageError.txt
2014-08-24 19:51 - 2014-08-28 20:49 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-08-24 19:51 - 2014-08-24 19:51 - 00001126 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-08-24 19:50 - 2014-08-24 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-08-24 19:30 - 2014-08-24 19:54 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-08-24 08:52 - 2014-08-24 13:01 - 1301255152 _____ (Unity Technologies ApS) C:\Users\Delwin\Downloads\UnitySetup-4.5.3.exe
2014-08-17 09:36 - 2014-08-17 09:36 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Microsoft_Corporation
2014-08-13 21:09 - 2014-07-01 03:54 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-13 21:09 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-13 21:09 - 2014-03-10 03:18 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-13 21:09 - 2014-03-10 03:18 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-13 21:09 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-13 21:09 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 21:08 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-13 21:08 - 2014-06-06 11:42 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-13 06:48 - 2014-07-25 18:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 06:48 - 2014-07-25 18:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 06:48 - 2014-07-25 17:58 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 06:48 - 2014-07-25 17:47 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 06:48 - 2014-07-25 17:38 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 06:48 - 2014-07-25 17:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 06:48 - 2014-07-25 17:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 06:48 - 2014-07-25 15:30 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 06:47 - 2014-08-01 05:11 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 06:47 - 2014-08-01 04:46 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 06:47 - 2014-07-25 20:22 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 06:47 - 2014-07-25 19:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 06:47 - 2014-07-25 19:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 06:47 - 2014-07-25 19:21 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 06:47 - 2014-07-25 19:00 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 06:47 - 2014-07-25 18:58 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 06:47 - 2014-07-25 18:55 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 06:47 - 2014-07-25 18:55 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 06:47 - 2014-07-25 18:41 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 06:47 - 2014-07-25 18:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 06:47 - 2014-07-25 18:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 06:47 - 2014-07-25 18:33 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 06:47 - 2014-07-25 18:30 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 06:47 - 2014-07-25 18:30 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 06:47 - 2014-07-25 18:29 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 06:47 - 2014-07-25 18:17 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 06:47 - 2014-07-25 18:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 06:47 - 2014-07-25 18:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 06:47 - 2014-07-25 18:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 06:47 - 2014-07-25 18:00 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 06:47 - 2014-07-25 17:58 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 06:47 - 2014-07-25 17:51 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 06:47 - 2014-07-25 17:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 06:47 - 2014-07-25 17:48 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 06:47 - 2014-07-25 17:47 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 06:47 - 2014-07-25 17:42 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 06:47 - 2014-07-25 17:40 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 06:47 - 2014-07-25 17:40 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 06:47 - 2014-07-25 17:36 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 06:47 - 2014-07-25 17:22 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 06:47 - 2014-07-25 17:17 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 06:47 - 2014-07-25 17:12 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 06:47 - 2014-07-25 17:09 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 06:47 - 2014-07-25 17:09 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 06:47 - 2014-07-25 17:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 06:47 - 2014-07-25 16:59 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 06:47 - 2014-07-25 16:53 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 06:47 - 2014-07-25 16:43 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 06:47 - 2014-07-25 16:37 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 06:47 - 2014-07-25 16:37 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 06:47 - 2014-07-25 16:33 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 06:47 - 2014-07-25 16:22 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 06:47 - 2014-07-25 15:56 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 06:47 - 2014-07-25 15:47 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 06:47 - 2014-07-25 15:39 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 06:47 - 2014-07-25 15:35 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 06:21 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 06:21 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 06:21 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 06:21 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 06:21 - 2014-07-09 07:33 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 06:21 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 06:21 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 06:21 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 06:21 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 06:21 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 06:21 - 2014-07-09 04:08 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 06:21 - 2014-07-09 04:00 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 05:56 - 2014-07-16 08:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 05:56 - 2014-07-16 08:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 05:55 - 2014-06-16 07:40 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 05:55 - 2014-06-03 15:32 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 05:55 - 2014-06-03 15:32 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 05:55 - 2014-06-03 15:32 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 05:55 - 2014-06-03 15:32 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 05:55 - 2014-06-03 14:59 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 05:55 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 05:55 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 05:54 - 2014-06-25 07:35 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 05:54 - 2014-06-25 07:11 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 05:49 - 2014-07-14 07:32 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 05:49 - 2014-07-14 07:10 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-13 05:46 - 2014-08-07 07:36 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-13 05:46 - 2014-08-07 07:31 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 09:52 - 2014-09-07 09:51 - 00024134 _____ () C:\Users\Delwin\Downloads\FRST.txt
2014-09-07 09:51 - 2014-09-07 09:51 - 00000000 ____D () C:\FRST
2014-09-07 09:49 - 2009-07-14 10:15 - 00022624 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 09:49 - 2009-07-14 10:15 - 00022624 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 09:48 - 2012-04-14 09:53 - 02094565 _____ () C:\windows\WindowsUpdate.log
2014-09-07 09:44 - 2012-12-30 11:27 - 00000000 ____D () C:\ProgramData\VMware
2014-09-07 09:44 - 2012-11-20 13:49 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\uTorrent
2014-09-07 09:43 - 2013-11-23 10:35 - 00000000 ____D () C:\temp
2014-09-07 09:43 - 2012-11-20 12:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 09:42 - 2014-09-07 09:42 - 00000306 _____ () C:\windows\PFRO.log
2014-09-07 09:42 - 2014-08-31 17:18 - 00000168 _____ () C:\windows\setupact.log
2014-09-07 09:42 - 2012-04-14 10:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 09:42 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-07 09:41 - 2014-09-07 09:31 - 00000000 ____D () C:\AdwCleaner
2014-09-07 09:21 - 2013-10-09 16:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-07 09:16 - 2012-11-20 12:53 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 09:08 - 2014-08-30 11:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 22:38 - 2014-09-06 22:37 - 02104832 _____ (Farbar) C:\Users\Delwin\Downloads\FRST64.exe
2014-09-06 22:38 - 2014-09-06 22:37 - 01370467 _____ () C:\Users\Delwin\Downloads\adwcleaner_3.309.exe
2014-09-06 16:11 - 2013-05-23 21:56 - 00000000 ____D () C:\Program Files\My Dell
2014-09-06 16:11 - 2012-11-20 16:02 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-06 16:03 - 2013-05-23 21:56 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-09-06 10:41 - 2009-07-14 10:43 - 00880274 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-05 00:39 - 2014-09-02 23:29 - 00000000 ____D () C:\Repositories
2014-09-04 08:44 - 2014-08-29 13:18 - 00000000 ____D () C:\Users\Delwin\Desktop\Web Site
2014-09-03 17:50 - 2014-04-01 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-03 00:10 - 2014-09-02 21:39 - 00000000 ____D () C:\Users\Delwin\AppData\Local\TortoiseSVN
2014-09-03 00:01 - 2014-08-24 19:55 - 00000000 ____D () C:\ProgramData\Unity
2014-09-02 23:51 - 2014-09-02 21:39 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\TortoiseSVN
2014-09-02 23:29 - 2014-09-02 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualSVN
2014-09-02 23:29 - 2014-09-02 23:29 - 00000000 ____D () C:\Program Files (x86)\VisualSVN Server
2014-09-02 23:27 - 2014-09-02 23:26 - 04595712 _____ () C:\Users\Delwin\Downloads\VisualSVN-Server-2.7.8.msi
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Delwin\AppData\Local\GitEye
2014-09-02 23:08 - 2014-09-02 23:08 - 00000000 ____D () C:\Users\Delwin\.giteye
2014-09-02 23:08 - 2012-11-20 12:35 - 00000000 ____D () C:\Users\Delwin
2014-09-02 22:15 - 2014-09-02 22:14 - 05035664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-02 08:39 - 2014-09-02 08:39 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\Subversion
2014-09-02 08:39 - 2014-09-02 08:39 - 00000000 ____D () C:\Users\Delwin\AppData\Local\TSVNCache
2014-09-01 22:37 - 2014-09-01 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2014-09-01 22:37 - 2014-09-01 22:37 - 00000000 ____D () C:\Program Files\TortoiseSVN
2014-09-01 22:37 - 2014-09-01 22:37 - 00000000 ____D () C:\Program Files\Common Files\TortoiseOverlays
2014-08-31 21:34 - 2014-08-31 21:34 - 00000062 _____ () C:\Users\Delwin\Downloads\link
2014-08-31 18:03 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\rescache
2014-08-31 17:18 - 2014-08-31 17:18 - 00000000 _____ () C:\windows\setuperr.log
2014-08-31 16:55 - 2014-08-31 16:51 - 19415040 _____ () C:\Users\Delwin\Downloads\TortoiseSVN-1.8.8.25755-x64-svn-1.8.10.msi
2014-08-31 15:31 - 2014-08-31 15:31 - 00110664 _____ () C:\Users\Delwin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 15:19 - 2014-08-31 15:19 - 00688992 ____R (Swearware) C:\Users\Delwin\Downloads\dds.com
2014-08-31 13:30 - 2014-08-30 22:02 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Adobe
2014-08-31 12:22 - 2013-06-09 11:51 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\vlc
2014-08-31 11:32 - 2013-06-20 19:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 11:24 - 2014-08-25 08:15 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 22:02 - 2009-07-14 08:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-30 17:39 - 2012-04-14 10:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-08-30 17:38 - 2012-04-14 10:12 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-30 17:37 - 2014-08-30 17:37 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-08-30 17:37 - 2014-08-30 17:37 - 00000000 ____D () C:\windows\system32\NV
2014-08-30 17:30 - 2012-04-14 10:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-30 16:21 - 2013-10-22 23:00 - 00000000 ____D () C:\Users\Delwin\Desktop\Don
2014-08-30 11:00 - 2014-08-30 11:00 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-30 11:00 - 2014-08-30 11:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 11:00 - 2014-08-30 11:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-30 10:52 - 2014-05-23 01:14 - 00000000 ____D () C:\Program Files\Java
2014-08-30 10:37 - 2014-08-30 10:25 - 31013800 _____ (Oracle Corporation) C:\Users\Delwin\Downloads\jre-7u67-windows-x64.exe
2014-08-30 10:18 - 2014-07-09 21:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 03:07 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-30 01:44 - 2013-11-07 01:46 - 00000000 ____D () C:\Users\Delwin\Desktop\Serials
2014-08-30 01:26 - 2013-11-27 13:25 - 00000000 ____D () C:\Users\Delwin\AppData\Local\ABBYY
2014-08-30 01:26 - 2013-11-27 13:25 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-30 01:26 - 2013-11-27 13:25 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 10
2014-08-30 01:22 - 2011-02-23 18:38 - 00000000 ____D () C:\windows\Panther
2014-08-30 01:16 - 2012-11-27 20:01 - 00000000 ____D () C:\windows\Minidump
2014-08-29 15:18 - 2012-11-25 00:20 - 00000000 ____D () C:\Users\Delwin\.android
2014-08-29 13:17 - 2014-07-31 21:45 - 00000000 ____D () C:\Users\Delwin\Desktop\Muzik
2014-08-29 12:16 - 2014-08-29 11:47 - 200278016 _____ () C:\Users\Delwin\Downloads\gparted-live-0.19.1-1-i486.iso
2014-08-29 11:48 - 2014-08-25 17:17 - 00000000 ____D () C:\Users\Delwin\Desktop\PD
2014-08-29 11:01 - 2014-08-29 11:01 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\stetic
2014-08-29 11:00 - 2014-08-29 11:00 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\MonoDevelop-Unity-4.0
2014-08-29 11:00 - 2014-08-29 11:00 - 00000000 ____D () C:\Users\Delwin\AppData\Local\MonoDevelop-Unity-4.0
2014-08-28 20:49 - 2014-08-26 15:53 - 00000000 ____D () C:\Users\Delwin\Desktop\Demo Derby Project
2014-08-28 20:49 - 2014-08-24 19:51 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-08-26 23:50 - 2014-08-26 23:50 - 00000998 _____ () C:\Users\Delwin\Downloads\New Text Document.txt
2014-08-25 09:31 - 2014-04-24 02:09 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Unity
2014-08-25 09:31 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\registration
2014-08-25 09:10 - 2012-11-20 13:55 - 00000000 ____D () C:\Users\Delwin\AppData\Local\CRE
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 08:14 - 2013-06-20 19:29 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\Malwarebytes
2014-08-24 20:56 - 2014-04-24 02:46 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\Unity
2014-08-24 19:55 - 2014-08-24 19:55 - 00000000 ____D () C:\Users\Delwin\AppData\Roaming\Apple Computer
2014-08-24 19:55 - 2014-08-24 19:55 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Apple Computer
2014-08-24 19:54 - 2014-08-24 19:54 - 00000231 _____ () C:\Users\Delwin\BullseyeCoverageError.txt
2014-08-24 19:54 - 2014-08-24 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-08-24 19:54 - 2014-08-24 19:30 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-08-24 19:51 - 2014-08-24 19:51 - 00001126 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-08-24 13:01 - 2014-08-24 08:52 - 1301255152 _____ (Unity Technologies ApS) C:\Users\Delwin\Downloads\UnitySetup-4.5.3.exe
2014-08-23 07:37 - 2014-08-27 22:57 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 07:15 - 2014-08-27 22:57 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 06:29 - 2014-08-27 22:57 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 09:23 - 2013-11-12 01:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-22 08:53 - 2014-08-30 10:53 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-08-22 08:53 - 2014-05-23 01:15 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-08-22 08:53 - 2014-05-23 01:15 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-08-22 08:53 - 2014-05-23 01:15 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-08-22 08:48 - 2014-08-30 10:18 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-22 08:47 - 2014-08-30 10:18 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-22 08:47 - 2014-08-30 10:18 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-22 08:47 - 2014-07-09 21:36 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-19 20:16 - 2014-02-07 12:55 - 00007501 _____ () C:\Users\Delwin\sslvpn-client.log
2014-08-19 20:16 - 2014-02-07 12:55 - 00002214 _____ () C:\Users\Delwin\sslvpn-client-out-err.log
2014-08-19 19:58 - 2014-02-07 12:42 - 00000094 _____ () C:\Users\Delwin\sslvpn-config.properties
2014-08-17 09:36 - 2014-08-17 09:36 - 00000000 ____D () C:\Users\Delwin\AppData\Local\Microsoft_Corporation
2014-08-17 08:57 - 2014-08-01 23:09 - 00000000 ____D () C:\Python27
2014-08-16 12:56 - 2014-01-14 17:03 - 00012875 _____ () C:\SSLClientService.log
2014-08-13 22:02 - 2013-04-30 15:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 21:58 - 2013-06-29 15:43 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-08-13 21:58 - 2013-06-29 15:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-13 21:40 - 2013-07-14 20:13 - 00000000 ____D () C:\windows\system32\MRT
2014-08-13 21:29 - 2012-11-20 14:34 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-13 21:06 - 2014-05-06 21:01 - 00000000 ___SD () C:\windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Delwin\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 10:39
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by Delwin at 2014-09-07 09:52:58
Running from C:\Users\Delwin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Abacus WorkSpace Generic Script (HKLM-x32\...\{46D895AC-D58D-4C02-BF9A-94C0D5B82D93}) (Version: 1.1.01 - XMLHK)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG PC TuneUp (x32 Version: 12.0.4020.3 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4020.3 - AVG Technologies) Hidden
Blast Pack for Pocket Tanks Deluxe (HKLM-x32\...\Blast Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CrystalDiskInfo 6.0.1 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.1 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.3.2.10 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
EaseUS Data Recovery Wizard 5.8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.8.0_is1) (Version:  - EaseUS)
ETicketViewer (HKLM-x32\...\{D2CB4FC8-67EB-453E-8480-1C7B98EC8555}) (Version: 1.0.2 - ITQ)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.9.0 - Androxyde)
Galileo Desktop (HKLM-x32\...\InstallShield_{CA2A96F0-2A5C-4E2F-95C0-979F5B194A60}) (Version: 5.50 - Travelport)
Galileo Desktop (x32 Version: 5.50 - Travelport) Hidden
Galileo Scripts Iata Version (HKLM-x32\...\{91BBD9A5-4B4A-11D8-92A1-0050BAC5586B}) (Version: 1.1.0 - Atul Kumar Rustagi)
Galileo SSL (HKLM-x32\...\InstallShield_{EB1497CC-C9D1-4531-B9F2-74F58EDB91D7}) (Version: 01.00.0016.00 - Galileo)
Galileo SSL (x32 Version: 01.00.0016.00 - Galileo) Hidden
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Ice Pack for Pocket Tanks Deluxe (HKLM-x32\...\Ice Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.3165 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Party Pack for Pocket Tanks Deluxe (HKLM-x32\...\Party Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plasma Pack for Pocket Tanks Deluxe (HKLM-x32\...\Plasma Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Pocket Tanks Deluxe v1.3 By Argogo (HKLM-x32\...\{98BAFEF4-7A37-4E48-B66C-BA8D730EFFAF}) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Python 2.7.8 (64-bit) (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56De}) (Version: 2.7.8150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Ruby 1.9.3-p362 (HKCU\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p362 - RubyInstaller Team)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.4.12 - iolo technologies, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
tools-freebsd (x32 Version: 8.8.5.893925 - VMware, Inc.) Hidden
tools-linux (x32 Version: 8.8.5.893925 - VMware, Inc.) Hidden
tools-netware (x32 Version: 8.8.5.893925 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 8.8.5.893925 - VMware, Inc.) Hidden
tools-windows (x32 Version: 8.8.5.893925 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 8.8.5.893925 - VMware, Inc.) Hidden
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.14 - Tweaking.com)
Unity (HKLM-x32\...\Unity) (Version: 4.5.3f3 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VisualSVN Server 2.7.8 (HKLM-x32\...\{1BD3BF0D-11D6-4A96-8070-8F7A54924E92}) (Version: 2.7.8.0 - VisualSVN Ltd.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VmciSockets (Version: 9.1.55.1 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.5.33341 - VMware, Inc)
VMware Workstation (x32 Version: 8.0.5.33341 - VMware, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.4 - The Wireshark developer community, http://www.wireshark.org)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-08-2014 10:37:12 Windows Modules Installer
30-08-2014 11:52:06 Windows Update
30-08-2014 15:30:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2014-02-07 13:01 - 00003473 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 pcanalysis.net
173.252.110.27   facebook.com
74.125.236.102 google.com
206.190.36.45 yahoo.com
72.21.206.80 imdb.com
74.125.236.118 gmail.com
74.125.236.118 mail.google.com
74.125.236.102 youtube.com
68.142.240.31 mail.yahoo.com
203.199.48.35 venus.abacus.local
203.199.48.35 venus.abacus.local
127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
127.0.0.12 ofep12.sabre.com # Nortel SSL-VPN
127.0.0.36 fos.sabre.com # Nortel SSL-VPN
127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
127.0.0.19 ofep19.sabre.com # Nortel SSL-VPN
127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
127.0.0.1 res.sabre.com # Nortel SSL-VPN
127.0.0.44 access.certd.sabre.com # Nortel SSL-VPN
127.0.0.36 frt.sabre.com # Nortel SSL-VPN
127.0.0.10 ofep10.sabre.com # Nortel SSL-VPN
127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
127.0.0.17 ofep17.sabre.com # Nortel SSL-VPN
127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
127.0.0.41 access.tstsa.sabre.com # Nortel SSL-VPN
 
There are 32 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {093B818A-75F3-4B27-B791-4833E7A899BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {3609D458-9AD8-4ADC-96E2-9550434F62E0} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-30] (Oracle Corporation)
Task: {4267066E-03E0-407B-BAA6-9FAF257C2B21} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {54D227F2-2595-4B5C-B009-C12B0130EF04} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {7563455B-75E8-471F-A42A-B8688A1D03A8} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {7C9DD8BC-0CD3-4743-8351-95E0006C2A03} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9E00E44A-8A92-4CF7-A029-E62BEFE44934} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {9FD4F8B9-4ACA-4D4F-9FC1-CA7F9F68DCB2} - System32\Tasks\{FF431135-2C57-434B-BD26-F0D471ED495F} => C:\Program Files (x86)\Android\sdk\tools\lib\SDK Manager.exe
Task: {A8B1311A-7412-48C9-A844-EA1BDC48B16C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {B2ECF032-4EE7-47B4-98C4-3682B3B02417} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {B66173E8-3718-4E45-94C5-E81F9E2F3B18} - System32\Tasks\Automatic Shut Down => C:\windows\system32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {BBB4C9FC-DD33-432F-A101-CE85BE4A835A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {C2AAC400-62DE-4AA5-A86C-CB06CD9CB6FB} - System32\Tasks\{B173229A-7A6F-47D4-8351-7A2FB6F2DE2B} => C:\Program Files (x86)\Android\sdk\tools\lib\SDK Manager.exe
Task: {DF660687-EC09-4536-A40B-DE1258C32ED7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)
Task: {E2641C0E-A4CA-4E44-8251-DDE1A2384248} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FC180A52-2F85-478B-82CB-74BB0639D5C5} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-20 20:55 - 2013-10-23 13:50 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-18 13:30 - 2013-06-18 13:30 - 00069632 _____ () C:\Program Files (x86)\Galileo\SSL\GalileoSSLClientLibrary.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-14 12:31 - 2011-04-11 00:10 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2013-10-31 20:35 - 2013-10-31 20:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-10-31 22:55 - 2012-10-31 22:55 - 01260184 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-08-13 17:24 - 2014-08-13 17:24 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93e5a6fd798a9421be63a03caf0228a1\IsdiInterop.ni.dll
2012-04-14 10:01 - 2010-11-06 10:20 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Delwin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR10 => "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Delwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SpeedUpMyComputer => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2014 11:29:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (09/02/2014 11:27:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (09/01/2014 10:36:42 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Delwin-PC)
Description: Application or service 'AVG User Interface' could not be shut down.
 
Error: (08/28/2014 09:12:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (08/25/2014 10:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Unity.exe, version: 4.5.3.26353, time stamp: 0x53e492b0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc000041d
Fault offset: 0x000222d2
Faulting process id: 0x2050
Faulting application start time: 0xUnity.exe0
Faulting application path: Unity.exe1
Faulting module path: Unity.exe2
Report Id: Unity.exe3
 
Error: (08/25/2014 08:35:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: Delwin-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/21/2014 00:29:11 PM) (Source: MsiInstaller) (EventID: 1024) (User: Delwin-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/19/2014 08:33:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: viewpoint.exe, version: 5.50.0.17, time stamp: 0x4e4008c2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x244c
Faulting application start time: 0xviewpoint.exe0
Faulting application path: viewpoint.exe1
Faulting module path: viewpoint.exe2
Report Id: viewpoint.exe3
 
Error: (08/17/2014 01:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: viewpoint.exe, version: 5.50.0.17, time stamp: 0x4e4008c2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x1358
Faulting application start time: 0xviewpoint.exe0
Faulting application path: viewpoint.exe1
Faulting module path: viewpoint.exe2
Report Id: viewpoint.exe3
 
Error: (08/16/2014 02:27:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: viewpoint.exe, version: 5.50.0.17, time stamp: 0x4e4008c2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0xbfc
Faulting application start time: 0xviewpoint.exe0
Faulting application path: viewpoint.exe1
Faulting module path: viewpoint.exe2
Report Id: viewpoint.exe3
 
 
System errors:
=============
Error: (09/07/2014 09:47:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (09/07/2014 09:47:04 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/07/2014 09:45:10 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (09/07/2014 09:45:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The VMware Workstation Server service terminated with service-specific error %%-1.
 
Error: (09/07/2014 09:43:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058
 
Error: (09/07/2014 09:43:40 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
 
Error: (09/07/2014 09:43:40 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
 
Error: (09/07/2014 09:43:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: 
%%2
 
Error: (09/07/2014 09:43:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error: 
%%1053
 
Error: (09/07/2014 09:43:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (09/02/2014 11:29:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
 
Error: (09/02/2014 11:27:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
 
Error: (09/01/2014 10:36:42 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Delwin-PC)
Description: 1C:\Program Files (x86)\AVG\AVG2014\avgui.exeAVG User Interface0111749000
 
Error: (08/28/2014 09:12:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
 
Error: (08/25/2014 10:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Unity.exe4.5.3.2635353e492b0ntdll.dll6.1.7601.18247521ea8e7c000041d000222d2205001cfc087fa9a3e4aC:\Program Files (x86)\Unity\Editor\Unity.exeC:\windows\SysWOW64\ntdll.dll2a89e719-2c7d-11e4-8d87-642737ec9bda
 
Error: (08/25/2014 08:35:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: Delwin-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
Error: (08/21/2014 00:29:11 PM) (Source: MsiInstaller) (EventID: 1024) (User: Delwin-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
Error: (08/19/2014 08:33:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: viewpoint.exe5.50.0.174e4008c2ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be244c01cfbbba512b1305C:\fp\swdir\viewpoint.exeC:\windows\SysWOW64\ntdll.dllf83f6401-27b1-11e4-bd77-642737ec9bda
 
Error: (08/17/2014 01:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: viewpoint.exe5.50.0.174e4008c2ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be135801cfb9f2351c9c18C:\fp\swdir\viewpoint.exeC:\windows\SysWOW64\ntdll.dll4048227c-25e6-11e4-bd77-642737ec9bda
 
Error: (08/16/2014 02:27:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: viewpoint.exe5.50.0.174e4008c2ntdll.dll6.1.7601.18247521ea8e7c00000050002e3bebfc01cfb9234845d25cC:\fp\swdir\viewpoint.exeC:\windows\SysWOW64\ntdll.dll5b3f73ba-2523-11e4-bd77-642737ec9bda
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-29 12:58:41.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:58:41.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.6\f0728752_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:35:23.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.11\f4375232_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-29 12:35:23.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Delwin\Desktop\testdisk-7.0-WIP\New folder\recup_dir.11\f4375232_avgwdsvc.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 4002.05 MB
Available physical RAM: 1991.33 MB
Total Pagefile: 8002.27 MB
Available Pagefile: 5996.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:311.88 GB) (Free:39.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: ACA39B00)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=311.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=600 GB) - (Type=05)
 
==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:33 PM

Posted 07 September 2014 - 08:42 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Run: [uTorrent] => C:\Users\Delwin\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
SearchScopes: HKCU - {E0AA544C-8391-4358-BBA0-E228A26D4C2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
CHR HKLM-x32\...\Chrome\Extension: [gcnclcnoadfbhlijffnlahjnegijcbnn] - C:\Users\Delwin\AppData\Roaming\jmp3.crx [2013-01-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#7 donjohn4


Posted 08 September 2014 - 12:07 PM

I still got the warning from AVG after the fix, before restarting the computer. Nothing since the restart, after which I performed the security check. However, sometimes the symptoms disappear and return in 2-5 days, so I don't really know whether it has gone.

 

Below is the log file after the fix.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Delwin at 2014-09-08 18:46:18 Run:1
Running from C:\Users\Delwin\Desktop\logs
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\...\Run: [uTorrent] => C:\Users\Delwin\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
SearchScopes: HKCU - {E0AA544C-8391-4358-BBA0-E228A26D4C2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
CHR HKLM-x32\...\Chrome\Extension: [gcnclcnoadfbhlijffnlahjnegijcbnn] - C:\Users\Delwin\AppData\Roaming\jmp3.crx [2013-01-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4076033807-1738934085-3749268866-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E0AA544C-8391-4358-BBA0-E228A26D4C2C}" => Key deleted successfully.
"HKCR\CLSID\{E0AA544C-8391-4358-BBA0-E228A26D4C2C}" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
"HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}" => Key not found.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@flash-Enhancer.com => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gcnclcnoadfbhlijffnlahjnegijcbnn" => Key deleted successfully.
C:\Users\Delwin\AppData\Roaming\jmp3.crx => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Nero BackItUp Scheduler 4.0 => Service deleted successfully.
btwaudio => Service deleted successfully.
btwavdt => Service deleted successfully.
btwl2cap => Service deleted successfully.
btwrchid => Service deleted successfully.
 
==== End of Fixlog ====
 
 
 
 
 
Below is the checkup file generated by the security check.
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG PC TuneUp   
 AVG PC TuneUp Language Pack (en-US) 
 Java 8 Update 20  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#8 nasdaq


Posted 08 September 2014 - 01:11 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

I will keep this topic open for 6 days.
Good luck.

#9 donjohn4


Posted 09 September 2014 - 07:17 AM

Thank you for all your help. Really appreciate it.

If I do encounter any problem I will inform you immediately.



#10 nasdaq


Posted 15 September 2014 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



