PDA

View Full Version : AVG Resident Shield keeps finding "Trojan horse Generic_c", and awsMBR keeps crashing



ZNoEvil
2014-10-05, 07:26
awsMBR in particular hasen't been able to complete scans with crashes with rootkit detection, even after I declined it at launch of the program and doing just a quick scan. Attached is a screenshot of the moment it crashes.

Below are the contents of FRST64.txt and Addition.txt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by tyl2 (administrator) on IMAGINENOHELL on 04-10-2014 09:00:16
Running from D:\Users\tyl2\Desktop
Loaded Profile: tyl2 (Available profiles: tyl2 & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgcsrva.exe
(AMD) D:\Windows\System32\atiesrxx.exe
(AMD) D:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgwdsvc.exe
(Microsoft Corporation) D:\Windows\System32\CISVC.EXE
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS Backup\bin\Agent.exe
(Garmin Ltd or its subsidiaries) D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Logitech, Inc.) D:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) D:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
() D:\Users\tyl2\AppData\Roaming\Lantern\Lantern.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgui.exe
(MJMSoft Design Limited) D:\Program Files (x86)\KeyText\KeyText.exe
() D:\Program Files (x86)\RSIGuard\RSIGuard.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS Backup\bin\GuardAgent.exe
() D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Dropbox, Inc.) D:\Users\tyl2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Program Files (x86)\Evernote\EvernoteClipper.exe
(Logitech, Inc.) D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() D:\Users\tyl2\AppData\Roaming\Lantern\pt\flashlight\flashlight.exe
() D:\Users\tyl2\AppData\Roaming\Lantern\pt\flashlight\flashlight.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) D:\Windows\System32\vds.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intuit Inc.) D:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() D:\Program Files\WinRAR\WinRAR.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => D:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => D:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [HP Software Update] => D:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => D:\Program Files (x86)\AVG\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [OfficeSyncProcess] => D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [syshost32] => D:\Users\tyl2\AppData\Local\{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}\syshost.exe
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [ROC_ROC_APR2013_AV] => D:\Users\tyl2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [AVG-Secure-Search-Update_0913a] => D:\Users\tyl2\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID 0913a
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => D:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [AVG-Secure-Search-Update_0214c] => D:\Users\tyl2\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d /CMPID=0214c
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\D-Tools\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [Lantern] => D:\Users\tyl2\AppData\Roaming\Lantern\Lantern.exe [236568 2014-08-12] ()
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d39c8ede-05c4-11e3-8c27-dde1fa99cd3b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d97562d3-22bf-11e3-be4f-a9f332b18c39} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KeyText.lnk
ShortcutTarget: KeyText.lnk -> D:\Program Files (x86)\KeyText\KeyText.exe (MJMSoft Design Limited)
Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RSIGuard.lnk
ShortcutTarget: RSIGuard.lnk -> D:\Program Files (x86)\RSIGuard\RSIGuard.exe ()
Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> D:\Windows\explorer.exe (Microsoft Corporation)
Startup: D:\Users\tyl2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: D:\Users\tyl2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> D:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => D:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => D:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => D:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E6309D16E55CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> D:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> D:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE.dll (AnchorFree Inc.)
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: 127.0.0.1 www.applian.securesites.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{082F969D-2D6E-4721-ADC4-438F88EC8C48}: [NameServer] 209.18.47.61,209.18.47.62,8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{817B83C9-C8ED-4980-9E4D-FC89A0456B59}: [NameServer] 192.168.1.1,8.8.8.8

FireFox:
========
FF ProfilePath: D:\Users\tyl2\AppData\Roaming\Mozilla\Firefox\Profiles\7b5snte1.TYL2
FF Homepage: my.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> D:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> D:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> D:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> D:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> D:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\answers.xml
FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\askcom.xml
FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\IMDB.xml
FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\searchplugins-backup
FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\TVGuideMovies.xml
FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\amazon-search-suggestions.xml
FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\IMDB.xml
FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\youtube-video-search.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\answerscom.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\babel-fish-en-zh-cn.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\ebay-us-completed-listings.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\howjsay.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\imdb.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\pharasessearch.xml
FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\tvguidecom---movies.xml
FF Extension: Lantern Proxy Configurator - D:\Users\tyl2\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lantern@getlantern.org [2014-08-13]
FF Extension: Test Pilot - C:\SharedAppData\Firefox\tyl3\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-07]
FF Extension: Microsoft .NET Framework Assistant - C:\SharedAppData\Firefox\tyl3\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-12-09]
FF Extension: Adblock Plus - C:\SharedAppData\Firefox\tyl3\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-27]
FF Extension: Microsoft .NET Framework Assistant - C:\SharedAppData\Firefox\default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-07]
FF Extension: No Name - C:\SharedAppData\Firefox\default\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-07]
FF Extension: Adblock Plus - C:\SharedAppData\Firefox\default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-07]
FF Extension: DownloadHelper - C:\SharedAppData\Firefox\Imagine\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Evernote Web Clipper - C:\SharedAppData\Firefox\Imagine\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-17]
FF Extension: No Name - C:\SharedAppData\Firefox\Imagine\Extensions\html5notifications@paxal.net.xpi [2012-10-08]
FF Extension: No Name - C:\SharedAppData\Firefox\Imagine\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2012-11-03]
FF Extension: No Name - C:\SharedAppData\Firefox\Imagine\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-07]
FF Extension: Easy Youtube Video Downloader Express - C:\SharedAppData\Firefox\Imagine\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-07-31]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Firefox\firefox.exe

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; D:\Program Files (x86)\AVG\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files (x86)\AVG\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 EaseUS Agent; D:\Program Files (x86)\EaseUS Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 Guard Agent; D:\Program Files (x86)\EaseUS Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 mozybackup; D:\Program Files\MozyHome\mozybackup.exe [55112 2013-08-05] (Mozy, Inc.)
R2 PassThru Service; D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S3 AVG Bonjour Service; D:\Windows\TEMP\avgcu_mDNSResponder.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; D:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; D:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S3 appliand; D:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; D:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R1 Avgdiska; D:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; D:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; D:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; D:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; D:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; D:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; D:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S2 DgiVecp; D:\Windows\system32\Drivers\DgiVecp.sys [53816 2011-05-13] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
R0 EUBAKUP; D:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; D:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; D:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; D:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 LMIRfsClientNP; No ImagePath
R1 mozyFilter; D:\Windows\System32\DRIVERS\mozy.sys [67808 2013-08-05] (Mozy, Inc.)
S3 ptun0901; D:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-09-18] (The OpenVPN Project)
S3 RT73; D:\Windows\System32\DRIVERS\rt73.sys [356352 2006-09-07] (Ralink Technology, Corp.)
R3 RTL8192cu; D:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S3 SMARTMouseFilterx64; D:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-10-18] (SMART Technologies) [File not signed]
S3 SMARTVHidMiniVistaAmd64; D:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-10-18] (SMART Technologies) [File not signed]
S3 SMARTVTabletPCx64; D:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-10-18] (SMART Technologies ULC) [File not signed]
S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 09:00 - 2014-10-04 09:03 - 00020830 _____ () D:\Users\tyl2\Desktop\FRST.txt
2014-10-04 08:42 - 2014-10-04 08:42 - 00000000 ____D () D:\Users\tyl2\Desktop\OpenVPN-Certificate-Bundle-Server1
2014-10-04 08:39 - 2014-10-04 08:39 - 00000000 ____D () D:\Windows\LastGood
2014-10-04 08:13 - 2014-10-04 08:13 - 00013991 _____ () D:\Users\tyl2\Desktop\OpenVPN-Certificate-Bundle-Server1.zip
2014-10-04 08:08 - 2014-10-04 08:08 - 05185536 _____ (AVAST Software) D:\Users\tyl2\Desktop\aswMBR.exe
2014-10-04 08:05 - 2014-10-04 09:01 - 00000000 ____D () D:\FRST
2014-10-04 08:04 - 2014-10-04 08:04 - 02109440 _____ (Farbar) D:\Users\tyl2\Desktop\FRST64.exe
2014-09-30 20:45 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) D:\Windows\system32\qdvd.dll
2014-09-30 20:45 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\qdvd.dll
2014-09-29 02:06 - 2014-09-29 02:06 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\AVG2015
2014-09-29 01:52 - 2014-09-29 01:57 - 00000000 ____D () D:\ProgramData\AVG2015
2014-09-29 01:52 - 2014-09-29 01:52 - 00000000 ____D () D:\Users\Guest\AppData\Local\Avg
2014-09-29 01:47 - 2014-09-29 21:53 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Avg2015
2014-09-24 21:54 - 2014-09-24 21:54 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Chromium
2014-09-24 21:54 - 2014-09-24 21:54 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iron
2014-09-24 21:54 - 2014-09-24 21:54 - 00000000 ____D () D:\Program Files (x86)\Iron
2014-09-24 21:24 - 2014-09-24 21:24 - 00000000 ____D () D:\Program Files (x86)\Firefox
2014-09-23 23:34 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\tzres.dll
2014-09-23 23:34 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\tzres.dll
2014-09-18 21:11 - 2014-09-24 22:19 - 00000000 ____D () D:\Program Files (x86)\Firefox.bak
2014-09-18 18:07 - 2014-09-18 18:07 - 00027136 _____ (The OpenVPN Project) D:\Windows\system32\Drivers\ptun0901.sys
2014-09-12 19:15 - 2014-10-04 08:08 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\{38436b9b-fe1c-4d8c-a543-c399fea3632d}
2014-09-12 19:14 - 2014-10-04 08:08 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\{84cd2c9e-4efc-46f2-a3cb-215a42c772c4}
2014-09-09 21:51 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) D:\Windows\system32\iedkcs32.dll
2014-09-09 21:51 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iedkcs32.dll
2014-09-09 21:51 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2014-09-09 21:51 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2014-09-09 21:51 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollectorres.dll
2014-09-09 21:51 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2014-09-09 21:51 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2014-09-09 21:51 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) D:\Windows\system32\vbscript.dll
2014-09-09 21:51 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2014-09-09 21:51 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) D:\Windows\system32\MshtmlDac.dll
2014-09-09 21:51 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) D:\Windows\system32\ieetwproxystub.dll
2014-09-09 21:51 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll
2014-09-09 21:51 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2014-09-09 21:51 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2014-09-09 21:51 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2014-09-09 21:51 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) D:\Windows\system32\jscript9diag.dll
2014-09-09 21:51 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) D:\Windows\system32\ieUnatt.exe
2014-09-09 21:51 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollector.exe
2014-09-09 21:51 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
2014-09-09 21:51 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) D:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-09 21:51 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) D:\Windows\system32\dxtmsft.dll
2014-09-09 21:51 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\vbscript.dll
2014-09-09 21:51 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) D:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 21:51 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll
2014-09-09 21:51 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) D:\Windows\SysWOW64\MshtmlDac.dll
2014-09-09 21:51 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-09 21:51 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll
2014-09-09 21:51 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) D:\Windows\system32\msrating.dll
2014-09-09 21:51 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) D:\Windows\system32\mshtmled.dll
2014-09-09 21:51 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll
2014-09-09 21:51 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll
2014-09-09 21:51 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) D:\Windows\system32\dxtrans.dll
2014-09-09 21:51 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll
2014-09-09 21:51 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 21:51 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9diag.dll
2014-09-09 21:51 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 21:51 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2014-09-09 21:51 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2014-09-09 21:51 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) D:\Windows\system32\inetcpl.cpl
2014-09-09 21:51 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) D:\Windows\system32\mshtmlmedia.dll
2014-09-09 21:51 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) D:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-09 21:51 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msrating.dll
2014-09-09 21:51 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtrans.dll
2014-09-09 21:51 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmled.dll
2014-09-09 21:51 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2014-09-09 21:51 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll
2014-09-09 21:51 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) D:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 21:51 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-09 21:51 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2014-09-09 21:51 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
2014-09-09 21:51 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
2014-09-09 21:51 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
2014-09-09 21:51 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 21:50 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
2014-09-09 21:50 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2014-09-09 21:50 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
2014-09-09 21:39 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) D:\Windows\system32\msmpeg2vdec.dll
2014-09-09 21:39 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 21:35 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) D:\Windows\system32\d3d10warp.dll
2014-09-09 21:35 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 21:34 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2014-09-09 21:34 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) D:\Windows\system32\kerberos.dll
2014-09-09 21:34 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kerberos.dll
2014-09-09 21:34 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) D:\Windows\SysWOW64\secur32.dll
2014-09-09 21:34 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\sspicli.dll
2014-09-09 21:33 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) D:\Windows\system32\TSWorkspace.dll
2014-09-09 21:33 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TSWorkspace.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 08:58 - 2011-08-09 14:41 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\Azureus
2014-10-04 08:42 - 2013-03-13 21:50 - 00000830 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 08:41 - 2012-01-16 20:01 - 00001854 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-10-04 08:41 - 2011-08-09 14:41 - 00000000 ____D () D:\Program Files (x86)\Vuze
2014-10-04 08:26 - 2014-08-13 19:06 - 00000000 ____D () D:\Users\tyl2\.lantern
2014-10-04 07:51 - 2011-08-09 01:05 - 00000000 ____D () D:\ProgramData\MFAData
2014-10-04 07:48 - 2011-08-09 14:31 - 00000000 ___RD () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
2014-10-04 07:05 - 2011-08-17 19:41 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\RSIGuard
2014-10-04 06:27 - 2011-08-08 17:18 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\vlc
2014-10-04 06:25 - 2011-08-07 23:52 - 01324515 _____ () D:\Windows\WindowsUpdate.log
2014-10-04 06:15 - 2009-07-14 00:45 - 00026352 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 06:15 - 2009-07-14 00:45 - 00026352 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 06:08 - 2011-08-11 13:48 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\Dropbox
2014-10-04 06:07 - 2013-10-23 22:29 - 00000266 _____ () D:\Windows\Tasks\AutoKMS.job
2014-10-04 06:07 - 2013-04-29 17:32 - 00053059 _____ () D:\Windows\setupact.log
2014-10-04 06:07 - 2009-07-14 01:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-10-01 22:43 - 2011-08-09 01:12 - 00000000 ____D () D:\Program Files (x86)\AVG
2014-09-29 18:09 - 2013-05-28 19:25 - 00285900 _____ () D:\Windows\PFRO.log
2014-09-29 01:57 - 2011-11-13 19:15 - 00000000 ___HD () D:\$AVG
2014-09-28 23:26 - 2012-01-02 21:29 - 00133376 _____ () D:\Users\tyl2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-25 12:41 - 2009-07-13 23:20 - 00000000 ____D () D:\Windows\rescache
2014-09-25 10:52 - 2012-01-03 23:02 - 00480040 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-09-25 10:51 - 2012-04-25 18:14 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 01:32 - 2012-01-08 21:28 - 00000000 ____D () D:\Users\tyl2\Documents\Travel
2014-09-24 21:41 - 2011-08-17 17:43 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Google
2014-09-24 21:39 - 2011-08-08 02:09 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\Mozilla
2014-09-24 21:37 - 2011-09-16 00:17 - 00000000 ____D () D:\Program Files (x86)\MindPoint
2014-09-24 21:36 - 2013-08-15 10:52 - 00210138 _____ () D:\Windows\DPINST.LOG
2014-09-24 21:36 - 2011-08-10 11:40 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
2014-09-24 01:42 - 2013-03-13 21:50 - 00003768 _____ () D:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 01:42 - 2012-03-28 20:40 - 00701104 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 01:42 - 2011-08-08 17:13 - 00071344 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 01:51 - 2011-09-10 20:43 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Deployment
2014-09-15 22:29 - 2014-03-25 19:51 - 00001104 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-15 22:21 - 2012-03-28 23:09 - 00000000 ___SD () D:\Users\tyl2\Documents\My Data Sources
2014-09-13 17:28 - 2011-12-16 07:34 - 00385092 _____ () D:\Windows\system32\prfh0804.dat
2014-09-13 17:28 - 2011-12-16 07:34 - 00120456 _____ () D:\Windows\system32\prfc0804.dat
2014-09-13 17:28 - 2009-07-14 01:13 - 01284420 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-09-13 06:58 - 2012-01-23 18:08 - 00007624 _____ () D:\Users\tyl2\AppData\Local\resmon.resmoncfg
2014-09-12 19:09 - 2011-08-09 11:47 - 00000000 ____D () D:\ProgramData\DAEMON Tools Lite
2014-09-10 02:54 - 2011-08-16 16:18 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\My Streaming Media
2014-09-10 02:09 - 2014-06-13 21:20 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Adobe
2014-09-09 21:49 - 2011-08-09 11:58 - 00000000 ____D () D:\ProgramData\Microsoft Help
2014-09-09 21:47 - 2012-09-18 13:44 - 01280200 _____ () D:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 21:46 - 2013-08-15 11:56 - 00000000 ____D () D:\Windows\system32\MRT
2014-09-09 21:41 - 2012-04-16 20:48 - 101694776 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe

Some content of TEMP:
====================
D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe
D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe
D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll
D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe
D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\Windows\System32\winlogon.exe => File is digitally signed
D:\Windows\System32\wininit.exe => File is digitally signed
D:\Windows\SysWOW64\wininit.exe => File is digitally signed
D:\Windows\explorer.exe => File is digitally signed
D:\Windows\SysWOW64\explorer.exe => File is digitally signed
D:\Windows\System32\svchost.exe => File is digitally signed
D:\Windows\SysWOW64\svchost.exe => File is digitally signed
D:\Windows\System32\services.exe => File is digitally signed
D:\Windows\System32\User32.dll => File is digitally signed
D:\Windows\SysWOW64\User32.dll => File is digitally signed
D:\Windows\System32\userinit.exe => File is digitally signed
D:\Windows\SysWOW64\userinit.exe => File is digitally signed
D:\Windows\System32\rpcss.dll => File is digitally signed
D:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-29 19:23

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
Ran by tyl2 at 2014-10-04 09:04:02
Running from D:\Users\tyl2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alarm (HKLM-x32\...\Alarm_is1) (Version: 2.0.7 - Bluefive software)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.9.0 - SlySoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4176 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Belkin Wireless G Plus MIMO USB Network Adapter (HKLM-x32\...\InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}) (Version: 1.00.0002 - Belkin)
Belkin Wireless G Plus MIMO USB Network Adapter (x32 Version: 1.00.0002 - Belkin) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.8 - BlueJ Team)
Casino Verite Blackjack V5.6 (HKLM-x32\...\{7CBA7A5E-45BF-4500-998C-DF540FE1703A}) (Version: 5.6 - QFIT)
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CVInstall2 (HKLM-x32\...\{25F75E24-6DD4-48F0-9734-24E1B57CF334}) (Version: 1.00.0000 - QFIT)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DataExtractor (HKCU\...\1fe74cc2101dcd69) (Version: 2.0.9.3 - Datacation)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Eraser 6.0.8.2273 (HKLM\...\{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}) (Version: 6.0.2273 - The Eraser Project)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.6.3 (HKLM-x32\...\{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}) (Version: 4.6.3.8096 - Evernote Corp.)
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version: - )
ffdshow v1.1.3966 [2011-08-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3966.0 - )
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.2.1 - Greenfoot Team)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HS Activity Generator (1.1.0) (HKLM-x32\...\HS Activity Generator (1.1.0)) (Version: 1.1.0 (en-US) - McDougal Littell)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Keynote Connector (HKLM-x32\...\KeynoteConnector) (Version: - )
KeyText v2.25 (HKLM-x32\...\KeyText_is1) (Version: - MJMSoft Design)
Lantern 1.4.6 (HKLM-x32\...\3831-6452-7413-7646) (Version: 1.4.6 - Team Lantern)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
McDougal Littell EasyPlanner (HKLM-x32\...\McDougal Littell EasyPlanner) (Version: - )
Microsoft .NET Framework 4.5.1 (CHS) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MIT MathML Fonts 1.0 (HKLM-x32\...\{C6E52B1B-9905-469A-B8CD-399FDFA98873}) (Version: 1.0.0 - MIT)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (3.1.10) (HKLM-x32\...\Mozilla Thunderbird (3.1.10)) (Version: 3.1.10 (en-US) - Mozilla)
MozyHome (HKLM\...\{77A631E9-F5DB-6510-ABCC-3A744ABB77B2}) (Version: 2.22.0.313 - Mozy, Inc.)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NoteTab Light 7 (Remove only) (HKLM-x32\...\NoteTab Light 7_is1) (Version: 7.1 - Fookes Holding Ltd)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)
RSIGuard Stretch Edition (HKLM-x32\...\{8B9AE68B-8A0D-4963-B452-A07B293A71F0}) (Version: 4.0.34b - Remedy Interactive)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Sketchpad (HKLM-x32\...\Sketchpad) (Version: - Key Curriculum Press)
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
Speccy (HKLM\...\Speccy) (Version: 1.12 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SRWare Iron version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)
Switch Off (HKLM-x32\...\SwitchOff) (Version: 2.3 - YaSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TestGen (HKLM-x32\...\TestGen) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1953 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1366 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebConnect ComObj WCCOM1.22 (HKLM-x32\...\WebConnect ComObj_is1) (Version: - OpenConnect Systems) <==== ATTENTION
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.48-3 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.3 - HTTrack)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> D:\Users\tyl2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> D:\Users\tyl2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

29-09-2014 05:50:38 Installed AVG 2015
29-09-2014 05:52:43 Installed AVG 2015
01-10-2014 00:46:14 Windows Update
04-10-2014 12:17:22 Device Driver Package Install: TAP Provider V9 for Private Tunnel Network adapters
04-10-2014 12:37:44 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-07-12 22:40 - 00000869 ____A D:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.applian.securesites.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5BCFD782-BDC5-4845-8443-60835659E694} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => D:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {750599BD-0757-44F8-BBA7-693978A9CCC6} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {7E151230-2EFC-4077-952A-EE1487D47881} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EC87E332-D7C3-48CB-BA13-B714667DA2EF} - System32\Tasks\GarminUpdaterTask => D:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-08-11 21:40 - 2008-06-04 02:53 - 00027648 _____ () D:\Windows\System32\spd__l.dll
2011-08-11 22:08 - 2007-01-03 12:03 - 00022016 _____ () D:\Windows\System32\sugo3l6.dll
2011-10-07 05:39 - 2011-10-07 05:39 - 01304856 _____ () D:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-08-13 19:05 - 2014-08-12 12:07 - 00236568 _____ () D:\Users\tyl2\AppData\Roaming\Lantern\Lantern.exe
2011-08-01 21:25 - 2011-08-01 21:25 - 08902144 _____ () D:\Program Files (x86)\RSIGuard\RSIGuard.exe
2011-08-09 12:59 - 2011-05-28 22:05 - 00164864 _____ () D:\Program Files\WinRAR\rarext.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-13 19:05 - 2014-08-12 12:07 - 04908544 _____ () D:\Users\tyl2\AppData\Roaming\Lantern\pt\flashlight\flashlight.exe
2011-08-09 12:59 - 2011-05-28 22:03 - 01163264 _____ () D:\Program Files\WinRAR\WinRAR.exe
2014-04-27 08:06 - 2013-09-04 11:19 - 00098888 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CodeLog.dll
2014-04-27 08:06 - 2013-11-14 14:59 - 00031304 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CheckTool.dll
2014-04-27 08:06 - 2008-11-25 17:18 - 01291264 _____ () D:\Program Files (x86)\EaseUS Backup\bin\libxml2.dll
2014-04-27 08:06 - 2004-10-05 03:08 - 00055808 _____ () D:\Program Files (x86)\EaseUS Backup\bin\zlib1.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00029768 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CompressFile.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00050248 _____ () D:\Program Files (x86)\EaseUS Backup\bin\TBGetRemoteNetInfo.dll
2014-04-27 08:06 - 2014-01-13 18:06 - 00105544 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ActivationOnline.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00030280 _____ () D:\Program Files (x86)\EaseUS Backup\bin\DiskSearchImg.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00293960 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ExchBackupSize.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00578632 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ExImage.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00468040 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ExchBackupSizeEx.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00192072 _____ () D:\Program Files (x86)\EaseUS Backup\bin\EmailBackupSize.dll
2014-04-27 08:06 - 2013-12-23 11:01 - 00281672 _____ () D:\Program Files (x86)\EaseUS Backup\bin\AndroidImage.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00068680 _____ () D:\Program Files (x86)\EaseUS Backup\bin\EnumTapeDevice.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00069192 _____ () D:\Program Files (x86)\EaseUS Backup\bin\TbTapeBrowse.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00022600 _____ () D:\Program Files (x86)\EaseUS Backup\bin\AccountManager.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00115784 _____ () D:\Program Files (x86)\EaseUS Backup\bin\NasOperator.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00192584 _____ () D:\Program Files (x86)\EaseUS Backup\bin\EmailBrowser.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00135752 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CloudOperator.dll
2014-04-27 08:06 - 2013-10-22 17:31 - 00037960 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ActiveOnline.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00135240 _____ () D:\Program Files (x86)\EaseUS Backup\bin\VMConfig.dll
2014-04-27 08:06 - 2013-12-24 17:42 - 00017992 _____ () D:\Program Files (x86)\EaseUS Backup\bin\AndroidDeviceManager.dll
2014-04-27 08:06 - 2013-09-04 11:19 - 00096840 _____ () D:\Program Files (x86)\EaseUS Backup\bin\TBFireWall.dll
2014-10-04 06:07 - 2014-10-04 06:07 - 00057344 ____N () D:\Users\tyl2\AppData\Local\Temp\1412417261280-0\jdpapi.dll
2014-08-13 19:06 - 2014-10-04 06:07 - 00009216 _____ () D:\Users\tyl2\.lantern\winproxy4j.dll
2014-08-13 19:06 - 2014-08-13 19:06 - 00202096 _____ () D:\Users\tyl2\.jnaerator\extractedLibraries\jninatpmp.dll
2014-08-13 19:07 - 2014-08-12 12:07 - 00108544 _____ () D:\Users\tyl2\.littleshoot\lib\x86-Windows-gpp\jni\libgcc_s_sjlj-1.dll
2014-08-13 19:07 - 2014-08-12 12:07 - 00863744 _____ () D:\Users\tyl2\.littleshoot\lib\x86-Windows-gpp\jni\libstdc++-6.dll
2014-08-13 19:07 - 2014-08-12 12:07 - 00507393 _____ () D:\Users\tyl2\.littleshoot\lib\x86-Windows-gpp\jni\barchart-udt-core-2.3.0-SNAPSHOT.dll
2011-01-07 15:49 - 2011-01-07 15:49 - 00077320 _____ () D:\Program Files (x86)\RSIGuard\RSIWatch.dll
2011-08-08 18:05 - 2004-05-19 02:25 - 00049152 _____ () D:\Program Files (x86)\KeyText\keytext2.dll
2011-08-08 18:05 - 2004-05-19 02:25 - 00049152 _____ () D:\Program Files (x86)\KeyText\keytext.dll
2014-10-04 06:08 - 2014-10-04 06:08 - 00043008 _____ () d:\users\tyl2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () D:\Users\tyl2\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () D:\Program Files (x86)\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () D:\Program Files (x86)\Evernote\libtidy.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: mozybackup => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SMARTHelperService => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk => D:\Windows\pss\MozyHome Status.lnk.CommonStartup
MSCONFIG\startupreg: EaseUs TB Tray Agent => "D:\Program Files (x86)\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: EaseUs Tray => "D:\Program Files (x86)\EaseUS Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "D:\Program Files (x86)\EaseUS Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: sbsdk-server => "D:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: SMART Board Service => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: SMART Board Tools => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
MSCONFIG\startupreg: SMART Floating Tools => "D:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
MSCONFIG\startupreg: SMART Ink => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
MSCONFIG\startupreg: SMART Tray Tools => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe"
MSCONFIG\startupreg: SMARTNotification => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357674054-3202477373-2837072881-500 - Administrator - Disabled)
Guest (S-1-5-21-2357674054-3202477373-2837072881-501 - Limited - Enabled) => D:\Users\Guest
HomeGroupUser$ (S-1-5-21-2357674054-3202477373-2837072881-1009 - Limited - Enabled)
tyl2 (S-1-5-21-2357674054-3202477373-2837072881-1000 - Administrator - Enabled) => D:\Users\tyl2

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 08:36:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: JExplorer32.2.7.1.exe, version: 2.2.0.0, time stamp: 0x516e9748
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000332b0
Faulting process id: 0x22d8
Faulting application start time: 0xJExplorer32.2.7.1.exe0
Faulting application path: JExplorer32.2.7.1.exe1
Faulting module path: JExplorer32.2.7.1.exe2
Report Id: JExplorer32.2.7.1.exe3

Error: (10/04/2014 08:28:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OpenVPN23.exe version 2.3.9.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e6c

Start Time: 01cfdfcd067285ab

Termination Time: 0

Application Path: C:\Storage\OpenVPN23.exe

Report Id: 8564267e-4bc0-11e4-a07a-001d09a11ec2

Error: (10/04/2014 08:27:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: JExplorer32.2.7.1.exe, version: 2.2.0.0, time stamp: 0x516e9748
Faulting module name: mshtml.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc0000602
Fault offset: 0x006e9afb
Faulting process id: 0x2010
Faulting application start time: 0xJExplorer32.2.7.1.exe0
Faulting application path: JExplorer32.2.7.1.exe1
Faulting module path: JExplorer32.2.7.1.exe2
Report Id: JExplorer32.2.7.1.exe3

Error: (10/04/2014 08:21:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: JExplorer32.2.7.1.exe, version: 2.2.0.0, time stamp: 0x516e9748
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000332cd
Faulting process id: 0x1d78
Faulting application start time: 0xJExplorer32.2.7.1.exe0
Faulting application path: JExplorer32.2.7.1.exe1
Faulting module path: JExplorer32.2.7.1.exe2
Report Id: JExplorer32.2.7.1.exe3

Error: (10/04/2014 07:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: aeinv.dll, version: 6.1.7601.18467, time stamp: 0x536c719a
Exception code: 0xc0000005
Fault offset: 0x0000000000032501
Faulting process id: 0x1614
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (10/04/2014 07:10:38 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/04/2014 06:08:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 01:27:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: aeinv.dll, version: 6.1.7601.18467, time stamp: 0x536c719a
Exception code: 0xc0000005
Fault offset: 0x0000000000032501
Faulting process id: 0x7d4
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (10/02/2014 01:27:11 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (10/04/2014 06:07:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/04/2014 06:07:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/04/2014 06:07:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:03:06 AM on ‎10/‎3/‎2014 was unexpected.

Error: (10/02/2014 07:16:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (10/02/2014 07:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/02/2014 07:10:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/02/2014 07:10:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/02/2014 07:10:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/02/2014 07:10:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:46:17 AM on ‎10/‎2/‎2014 was unexpected.

Error: (10/01/2014 10:35:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (10/04/2014 08:36:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: JExplorer32.2.7.1.exe2.2.0.0516e9748ntdll.dll6.1.7601.18247521ea8e7c0000005000332b022d801cfdfce8ce2ae44D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exeD:\Windows\SysWOW64\ntdll.dll14f91db6-4bc3-11e4-a07a-001d09a11ec2

Error: (10/04/2014 08:28:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OpenVPN23.exe2.3.9.31e6c01cfdfcd067285ab0C:\Storage\OpenVPN23.exe8564267e-4bc0-11e4-a07a-001d09a11ec2

Error: (10/04/2014 08:27:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: JExplorer32.2.7.1.exe2.2.0.0516e9748mshtml.dll11.0.9600.1728053f27d67c0000602006e9afb201001cfdfce49d0d07cD:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exeD:\Windows\SysWOW64\mshtml.dllbea9e9e6-4bc1-11e4-a07a-001d09a11ec2

Error: (10/04/2014 08:21:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: JExplorer32.2.7.1.exe2.2.0.0516e9748ntdll.dll6.1.7601.18247521ea8e7c0000005000332cd1d7801cfdfcd9acf83ecD:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exeD:\Windows\SysWOW64\ntdll.dllf2a54785-4bc0-11e4-a07a-001d09a11ec2

Error: (10/04/2014 07:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0aeinv.dll6.1.7601.18467536c719ac00000050000000000032501161401cfdfc301ab67adD:\Windows\system32\rundll32.exeD:\Windows\system32\aeinv.dll1a2690a6-4bb7-11e4-a07a-001d09a11ec2

Error: (10/04/2014 07:10:38 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*d:\program files (x86)\SpybotSD\DelZip179.dlld:\program files (x86)\SpybotSD\DelZip179.dll8

Error: (10/04/2014 06:08:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 01:27:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0aeinv.dll6.1.7601.18467536c719ac000000500000000000325017d401cfde00c7d42544D:\Windows\system32\rundll32.exeD:\Windows\system32\aeinv.dllce0025db-49f4-11e4-a077-001d09a11ec2

Error: (10/02/2014 01:27:11 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*d:\program files (x86)\SpybotSD\DelZip179.dlld:\program files (x86)\SpybotSD\DelZip179.dll8


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8300 @ 2.83GHz
Percentage of memory in use: 58%
Total physical RAM: 2046.18 MB
Available physical RAM: 857.54 MB
Total Pagefile: 5115.18 MB
Available Pagefile: 2927.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:534.62 GB) (Free:112.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (7U) (Fixed) (Total:396.84 GB) (Free:136.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=534.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396.8 GB) - (Type=OF Extended)

==================== End Of Log ============================

Juliet
2014-10-05, 19:45
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [syshost32] => D:\Users\tyl2\AppData\Local\{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}\syshost.exe
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [ROC_ROC_APR2013_AV] => D:\Users\tyl2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d39c8ede-05c4-11e3-8c27-dde1fa99cd3b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d97562d3-22bf-11e3-be4f-a9f332b18c39} - F:\HTC_Sync_Manager_PC.exe
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE.dll (AnchorFree Inc.)
D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe
D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe
D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll
D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe
D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

ZNoEvil
2014-10-07, 06:40
FRST64 crashed after I tried the fix. The following are 3 error logs

from Windows Event Viewer before I ran the tool again, which crashed

again. These logs are followed by the others you requested.

Faulting application name: FRST64.exe, version: 6.10.2014.1, time

stamp: 0x5432d273
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:

0x521eaf24
Exception code: 0xc00000fd
Fault offset: 0x000000000005626a
Faulting process id: 0x1158
Faulting application start time: 0x01cfe1d7672bff23
Faulting application path: D:\Users\tyl2\Desktop\FRST64.exe
Faulting module path: D:\Windows\SYSTEM32\ntdll.dll
Report Id: f1cd76eb-4dca-11e4-bfb6-001d09a11ec2

Activation context generation failed for "d:\program files

(x86)\SpybotSD\DelZip179.dll".Error in manifest or policy file "d:

\program files (x86)\SpybotSD\DelZip179.dll" on line 8. The value "*"

of attribute "language" in element "assemblyIdentity" is invalid.

Faulting application name: rundll32.exe_aepdu.dll, version:

6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: aeinv.dll, version: 6.1.7601.18467, time stamp:

0x536c719a
Exception code: 0xc0000005
Fault offset: 0x0000000000032501
Faulting process id: 0xed0
Faulting application start time: 0x01cfe1d9ea8bdcbd
Faulting application path: D:\Windows\system32\rundll32.exe
Faulting module path: D:\Windows\system32\aeinv.dll
Report Id: 7bfd34a2-4dcd-11e4-bfb6-001d09a11ec2


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)

Version: 06-10-2014 01
Ran by tyl2 at 2014-10-06 23:03:33 Run:2
Running from D:\Users\tyl2\Desktop
Loaded Profile: tyl2 (Available profiles: tyl2 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [syshost32]

=> D:\Users\tyl2\AppData\Local\{1531A5D7-B4F4-5F38-B350-

CDF2931D4AB6}\syshost.exe
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run:

[ROC_ROC_APR2013_AV] => D:\Users\tyl2\AppData\Roaming\AVG April 2013

Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid

6774ac5ff45f47d1a6cdd1544f45f731-

e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID ROC_APR2013_AV --CMPI

(the data entry has 11 more characters).
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2:

{d39c8ede-05c4-11e3-8c27-dde1fa99cd3b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2:

{d97562d3-22bf-11e3-be4f-a9f332b18c39} - F:\HTC_Sync_Manager_PC.exe
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->

D:\Program Files (x86)\HotspotShield\HssIE\HssIE_64.dll (AnchorFree

Inc.)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

-> D:\Program Files (x86)\HotspotShield\HssIE\HssIE.dll (AnchorFree

Inc.)
D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-

5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe
D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe
D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll
D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe
D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\Software\Microsoft

\Windows\CurrentVersion\Run\\syshost32 => Value not found.
HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\Software\Microsoft

\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV => Value not found.
"HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\SOFTWARE\Microsoft

\Windows\CurrentVersion\Explorer\MountPoints2\{d39c8ede-05c4-11e3-8c27

-dde1fa99cd3b}" => Key not found.
"HKCR\CLSID\{d39c8ede-05c4-11e3-8c27-dde1fa99cd3b}" => Key not found.
"HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\SOFTWARE\Microsoft

\Windows\CurrentVersion\Explorer\MountPoints2\{d97562d3-22bf-11e3-

be4f-a9f332b18c39}" => Key not found.
"HKCR\CLSID\{d97562d3-22bf-11e3-be4f-a9f332b18c39}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found.
"HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer

\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key

not found.
"HKCR\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key

not found.
"D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-

5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll" => File/Directory not found.
"D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe" =>

File/Directory not found.
"D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe" => File/Directory not

found.
"D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll" =>

File/Directory not found.
"D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe" =>

File/Directory not found.
"D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll" =>

File/Directory not found.
D:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

|
|
|
|
|

# AdwCleaner v3.311 - Report created 06/10/2014 at 23:12:23
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : tyl2 - IMAGINENOHELL
# Running from : D:\Users\tyl2\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : D:\Users\tyl2\AppData\Roaming\pdfforge

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKCU\Software\5f07c05bbc68b302
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-

740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\hotspotshield
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-GB)

[ File : D:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles

\60dp6257.Guest\prefs.js ]


[ File : D:\Users\tyl2\AppData\Roaming\Mozilla\Firefox\Profiles

\7b5snte1.TYL2\prefs.js ]


*************************

AdwCleaner[R0].txt - [2432 octets] - [06/10/2014 23:08:11]
AdwCleaner[S0].txt - [2156 octets] - [06/10/2014 23:12:23]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [2216 octets]

##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by tyl2 on Mon 10/06/2014 at 23:25:43.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] D:\Users\tyl2\appdata\local

\{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/06/2014 at 23:28:13.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-10-07, 13:58
I have no idea why the tools crashed but I need to ask a question.
When you saved the fixlist.txt, did you use notepad?, reason is, it appears that word wrap might have been enabled?

Let's try a couple things.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~~~

Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

After doing the above please post back and tell me what the computer is doing now.

ZNoEvil
2014-10-08, 07:40
I have no idea why the tools crashed but I need to ask a question.
When you saved the fixlist.txt, did you use notepad?, reason is, it appears that word wrap might have been enabled?

Yes, I used Notepad and Word Wrap was enabled. But FRST still crashed after I disabled Word Wrap.


Please download and run the following tool to help allow other programs to run.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)


Not really sure what I do after. rkill stopped AVG and other programs, but afterwards I still couldn't run FRST.


Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

No issues found.


On the the Start Repairs tab
Click on box next to the Restart System when Finished. Then click on Start.

After doing the above please post back and tell me what the computer is doing now.


What do you mean by "what the computer is doing"? Malabytes didn't find anything, the computer restarted.

Juliet
2014-10-08, 14:15
Is AVG still alerting you it's finding more infections?

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

ZNoEvil
2014-10-09, 13:25
Is AVG still alerting you it's finding more infections?

No, but I've largely avoided this computer since the infection, so I'm not sure if that means much.

C:\$RECYCLE.BIN\S-1-5-21-2357674054-3202477373-2837072881-1000\$RDYKNOK.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield potentially unwanted application
C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Storage\ac3filter26a_full.exe Win32/OpenCandy potentially unsafe application
C:\Storage\CCleaner413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Storage\DaemonToolsLite449.exe Win32/DownWare.L potentially unwanted application
C:\Storage\EaseUsTodoBackup7.exe a variant of Win32/TFTPD32.A potentially unsafe application
C:\Storage\FormatFactory230.zip a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Storage\FreeFileSync514.exe Win32/OpenCandy potentially unsafe application
C:\Storage\GetFLV88.rar a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Storage\GmailNotifier1087.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Storage\HotspotShield270.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Storage\Nero94123Free.exe Win32/Toolbar.AskSBar potentially unwanted application
C:\Storage\PandoraRecovery211.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Storage\pdfcreator173.exe Win32/InstallMonetizer.AQ potentially unwanted application
C:\Storage\Recuva145.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Storage\SopCast383.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Storage\SopCast383.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Storage\Speccy118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP11\A0041352.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP32\A0061062.exe a variant of Win32/HotSpotShield potentially unwanted application
C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP33\A0062664.exe a variant of Win32/HotSpotShield potentially unwanted application
C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP8\A0009048.exe Win32/OpenCandy potentially unsafe application
D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application
D:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe a variant of Win32/MiniUPnP.C potentially unsafe application

Juliet
2014-10-09, 15:09
When downloading applications to your computer it's best practice to chose custom install. Mostly, when doing this, you can opt out of the extra's that install sideline spyware/malware.

Since FRST seems to be crashing, we can try a different tool.

Download OTM by OldTimer Here (http://oldtimer.geekstogo.com/OTM.exe) & save it to your desktop.
Double click on OTM.exe to run it
Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error


:Files
C:\$RECYCLE.BIN\S-1-5-21-2357674054-3202477373-2837072881-1000\$RDYKNOK.exe
C:\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe
C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe
C:\Storage\ac3filter26a_full.exe
C:\Storage\CCleaner413.exe
C:\Storage\DaemonToolsLite449.exe
C:\Storage\EaseUsTodoBackup7.exe
C:\Storage\FormatFactory230.zip
C:\Storage\FreeFileSync514.exe
C:\Storage\GetFLV88.rar
C:\Storage\GmailNotifier1087.exe
C:\Storage\HotspotShield270.exe
C:\Storage\Nero94123Free.exe
C:\Storage\PandoraRecovery211.exe
C:\Storage\pdfcreator173.exe
C:\Storage\Recuva145.exe
C:\Storage\SopCast383.exe
C:\Storage\SopCast383.zip
C:\Storage\Speccy118.exe
D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll
D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll
D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe
D:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe
:Commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
Click on MoveIt!
When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

ZNoEvil
2014-10-10, 03:34
All processes killed
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-21-2357674054-3202477373-2837072881-1000\$RDYKNOK.exe moved successfully.
C:\Hotspot Shield\bin\openvpnas.exe moved successfully.
C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe moved successfully.
C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe moved successfully.
C:\Storage\ac3filter26a_full.exe moved successfully.
C:\Storage\EaseUsTodoBackup7.exe moved successfully.
C:\Storage\FormatFactory230.zip moved successfully.
C:\Storage\FreeFileSync514.exe moved successfully.
C:\Storage\GetFLV88.rar moved successfully.
C:\Storage\GmailNotifier1087.exe moved successfully.
C:\Storage\HotspotShield270.exe moved successfully.
C:\Storage\Nero94123Free.exe moved successfully.
C:\Storage\PandoraRecovery211.exe moved successfully.
C:\Storage\SopCast383.exe moved successfully.
C:\Storage\SopCast383.zip moved successfully.
C:\Storage\Speccy118.exe moved successfully.
DllUnregisterServer procedure not found in D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll
D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll moved successfully.
DllUnregisterServer procedure not found in D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll
D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll moved successfully.
File/Folder D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe not found.
File/Folder D:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll not found.
D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe moved successfully.
========== COMMANDS ==========
D:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 314414 bytes
->Temporary Internet Files folder emptied: 77840274 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 252164614 bytes
->Flash cache emptied: 6180 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: tyl2
->Temp folder emptied: 237200 bytes
->Temporary Internet Files folder emptied: 251757 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 369433237 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25669610 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 2548299863 bytes

Total Files Cleaned = 3,123.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

User: tyl2
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10092014_092147

Files moved on Reboot...
D:\Users\tyl2\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. D:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Juliet
2014-10-10, 12:44
Looks good.

How is your computer now?
Is it working as it should and returned to normal?

ZNoEvil
2014-10-11, 01:42
How is your computer now?
Is it working as it should and returned to normal?

It's a lot more snappier. Is there another tool that I can run to just double-check?

Thanks so much.

Juliet
2014-10-11, 04:29
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)



On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Dections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

ZNoEvil
2014-10-13, 19:09
Nothing found of significance. I was careful unchecking every box during installations but the "program" itself didn't even bother putting up a user interface. That was the problem.

Thanks again.

Juliet
2014-10-14, 00:31
I'm thinking the malware is gone.

How's the computer?

ZNoEvil
2014-10-16, 04:24
Every browser lags, but that was the case before the infection. I just don't have the time to do a clean reinstall, but it's needed. I'm hoping for a great sale on a computer this holiday season so I don't have to do it.

Cheers.

Juliet
2014-10-16, 12:51
First thought is the AVG Antivirus running in the background is causing this.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...