Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hapilli trojan??


  • This topic is locked This topic is locked
5 replies to this topic

#1 larrythehandyman

larrythehandyman

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 07 February 2014 - 01:01 AM

Hello everyone

 

Im new to this forum and think i may have the Hapilli virus.  I use google chrome as my browser and am constantly getting redirected to random sites instead of my intended one. also i keep getting these adds pop up all over, sometimes multiple on a single screen. This is very annoying and was curious on how to go about ridding my computer of this nuisance.  Im running windows 7 with AVG free edition . i have ran malware anti-malware, hijackthis and AVG but to no avail...

here is my Mbam log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.02.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Larry :: LARRY-HP [administrator]
 
2/6/2014 9:43:26 PM
mbam-log-2014-02-06 (21-43-26).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235626
Time elapsed: 4 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
AND MY COMBOFIX LOG
 
ComboFix 14-02-05.02 - Larry 02/06/2014  21:09:13.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8087.5729 [GMT -8:00]
Running from: c:\users\Larry\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\TEMP
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-07 to 2014-02-07  )))))))))))))))))))))))))))))))
.
.
2014-01-29 05:03 . 2014-01-29 05:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-29 05:03 . 2014-01-29 05:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 03:14 . 2012-02-17 23:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 03:14 . 2012-02-17 23:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-23 02:26 . 2013-12-23 02:27 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-19 11:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-15 08:59 . 2013-11-15 08:59 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-15 08:59 . 2013-11-15 08:59 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-15 08:59 . 2013-11-15 08:59 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-15 08:59 . 2013-11-15 08:59 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-15 08:59 . 2013-11-15 08:59 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-15 08:59 . 2013-11-15 08:59 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-15 08:59 . 2013-11-15 08:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-15 08:59 . 2013-11-15 08:59 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-15 08:59 . 2013-11-15 08:59 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-11-15 08:59 . 2013-11-15 08:59 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-15 08:59 . 2013-11-15 08:59 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-15 08:59 . 2013-11-15 08:59 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-15 08:59 . 2013-11-15 08:59 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-11-15 08:59 . 2013-11-15 08:59 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-15 08:59 . 2013-11-15 08:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-15 08:59 . 2013-11-15 08:59 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-15 08:59 . 2013-11-15 08:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-15 08:59 . 2013-11-15 08:59 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-15 08:59 . 2013-11-15 08:59 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-15 08:59 . 2013-11-15 08:59 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-15 08:59 . 2013-11-15 08:59 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-15 08:59 . 2013-11-15 08:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-15 08:59 . 2013-11-15 08:59 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-15 08:59 . 2013-11-15 08:59 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-15 08:59 . 2013-11-15 08:59 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-15 08:59 . 2013-11-15 08:59 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-15 08:59 . 2013-11-15 08:59 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-15 08:59 . 2013-11-15 08:59 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-15 08:59 . 2013-11-15 08:59 855552 ----a-w- c:\windows\system32\jscript.dll
2013-11-15 08:59 . 2013-11-15 08:59 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-15 08:59 . 2013-11-15 08:59 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-15 08:59 . 2013-11-15 08:59 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-15 08:59 . 2013-11-15 08:59 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-11-15 08:59 . 2013-11-15 08:59 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-15 08:59 . 2013-11-15 08:59 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-15 08:59 . 2013-11-15 08:59 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-11-15 08:59 . 2013-11-15 08:59 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-15 08:59 . 2013-11-15 08:59 526336 ----a-w- c:\windows\system32\ieui.dll
2013-11-15 08:59 . 2013-11-15 08:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-15 08:59 . 2013-11-15 08:59 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-15 08:59 . 2013-11-15 08:59 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-11-15 08:59 . 2013-11-15 08:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-15 08:59 . 2013-11-15 08:59 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-15 08:59 . 2013-11-15 08:59 441856 ----a-w- c:\windows\system32\html.iec
2013-11-15 08:59 . 2013-11-15 08:59 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-11-15 08:59 . 2013-11-15 08:59 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-11-15 08:59 . 2013-11-15 08:59 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-15 08:59 . 2013-11-15 08:59 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-15 08:59 . 2013-11-15 08:59 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-15 08:59 . 2013-11-15 08:59 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-15 08:59 . 2013-11-15 08:59 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-11-15 08:59 . 2013-11-15 08:59 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-11-15 08:59 . 2013-11-15 08:59 235008 ----a-w- c:\windows\system32\url.dll
2013-11-15 08:59 . 2013-11-15 08:59 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-11-15 08:59 . 2013-11-15 08:59 216064 ----a-w- c:\windows\system32\msls31.dll
2013-11-15 08:59 . 2013-11-15 08:59 197120 ----a-w- c:\windows\system32\msrating.dll
2013-11-15 08:59 . 2013-11-15 08:59 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 08:59 . 2013-11-15 08:59 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-15 08:59 . 2013-11-15 08:59 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-15 08:59 . 2013-11-15 08:59 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-11-15 08:59 . 2013-11-15 08:59 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-15 08:59 . 2013-11-15 08:59 149504 ----a-w- c:\windows\system32\occache.dll
2013-11-15 08:59 . 2013-11-15 08:59 144896 ----a-w- c:\windows\system32\wextract.exe
2013-11-15 08:59 . 2013-11-15 08:59 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-15 08:59 . 2013-11-15 08:59 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-15 08:59 . 2013-11-15 08:59 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-15 08:59 . 2013-11-15 08:59 1364992 ----a-w- c:\windows\system32\urlmon.dll
2013-11-15 08:59 . 2013-11-15 08:59 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-11-15 08:59 . 2013-11-15 08:59 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-15 08:59 . 2013-11-15 08:59 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-15 08:59 . 2013-11-15 08:59 102912 ----a-w- c:\windows\system32\inseng.dll
2013-11-15 08:57 . 2013-11-15 08:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-15 08:57 . 2013-11-15 08:57 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-11-15 08:57 . 2013-11-15 08:57 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-11-15 08:57 . 2013-11-15 08:57 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-11-15 08:57 . 2013-11-15 08:57 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-11-15 08:57 . 2013-11-15 08:57 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-15 08:57 . 2013-11-15 08:57 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-15 08:57 . 2013-11-15 08:57 3928064 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-07 05:05 3401752 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll" [2014-02-07 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"CloudSystemBooster"="c:\program files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" [2013-12-24 527544]
"AVG-Secure-Search-Update_0214b"="c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe" [2014-02-07 2606616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-06 1343904]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-07-29 75048]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-09-18 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-09-18 374560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-11-02 151552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-02-07 2535448]
"Anvi AD Blocker"="c:\program files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe" [2013-06-14 1256144]
"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe" [2013-06-14 1256144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/29 09:52;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/10/10 21:38];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 AdblockerSrv;Adblocker Monitor Service;c:\program files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe;c:\program files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [x]
S2 asdnet;Adblocker Monitor Driver;c:\windows\system32\DRIVERS\asdnet.sys;c:\windows\SYSNATIVE\DRIVERS\asdnet.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 03:14]
.
2014-02-07 c:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2014-02-07 03:48]
.
2014-02-07 c:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2014-02-07 03:48]
.
2014-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 15:19]
.
2014-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 15:19]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001Core.job
- c:\users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 07:23]
.
2014-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001UA.job
- c:\users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 07:23]
.
2014-02-02 c:\windows\Tasks\HPCeeScheduleForLARRY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2014-02-07 c:\windows\Tasks\HPCeeScheduleForLarry.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-20 1425408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-01 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-01 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-01 441152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-06  21:17:34
ComboFix-quarantined-files.txt  2014-02-07 05:17
.
Pre-Run: 790,278,971,392 bytes free
Post-Run: 790,005,678,080 bytes free
.
- - End Of File - - 203641736CA57D11E6AE915CC543F8E0
 
ANY THOUGHTS ON THE MATTER WOULD BE GREATLY APPRECIATED.....
 
 


BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,384 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:25 PM

Posted 07 February 2014 - 10:42 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 larrythehandyman

larrythehandyman
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 07 February 2014 - 10:53 AM

Hello Malware and thx for your time.  ok i did what you said

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Larry (administrator) on LARRY-HP on 07-02-2014 07:51:07
Running from C:\Users\Larry\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\Windows\System32\valWBFPolicyService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Google Inc.) C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-07-29] (cyberlink)
HKLM-x32\...\Run: [PowerDVD12DMREngine] - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-09-17] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EverioService] - C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe [151552 2007-11-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2535448 2014-02-06] ()
HKLM-x32\...\Run: [Anvi AD Blocker] - C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe [1256144 2013-06-13] (Anvisoft)
HKLM-x32\...\Run: [ADBlocker] - C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe [1256144 2013-06-13] (Anvisoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3360304057-3309776956-2648380921-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\S-1-5-21-3360304057-3309776956-2648380921-1001\...\Run: [CloudSystemBooster] - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2013-12-23] (Anvisoft)
HKU\S-1-5-21-3360304057-3309776956-2648380921-1001\...\Run: [AVG-Secure-Search-Update_0214b] - C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2606616 2014-02-06] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-02-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-27] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=dnsbsc50r1&sp=bing&keywords={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={2FC51327-5F90-40FE-A9A2-D776D2E92EF2}&mid=e9cb944f5c8e47d3b30d71fa8aa17d8d-1b4f98221779b522d3757f6a10c5bf275fa3109a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 21:06:14&v=17.3.1.204&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Simple Pass) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Larry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Quick Play) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjfjbgcobmhgjobigjgmailhoeafmjl [2013-05-19]
CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-24]
CHR Extension: (Adblock Plus) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-22]
CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-24]
CHR Extension: (Website Logon) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2012-10-24]
CHR Extension: (AdBlock) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-22]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2012-11-30]
CHR Extension: (Website Logon) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaaieiajnhcnimjgfmjpccjmmfkploci [2013-01-26]
CHR Extension: (Website Logon) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2013-11-28]
CHR Extension: (AVG SafeGuard) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-05]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-01-05]
CHR StartMenuInternet: Google Chrome - C:\Users\Larry\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AdblockerSrv; C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe [314064 2013-06-13] ()
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2013-12-23] (Anvisoft)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-17] (CyberLink Corp.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-17] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-17] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-10-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [272024 2006-12-19] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-30] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-10-30] (AVG)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-05] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2013-06-08] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-22] (AVG Technologies)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-10-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-09-10] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-07 07:51 - 2014-02-07 07:51 - 00029676 _____ () C:\Users\Larry\Downloads\FRST.txt
2014-02-07 07:50 - 2014-02-07 07:51 - 00000000 ____D () C:\FRST
2014-02-07 07:49 - 2014-02-07 07:49 - 02079744 _____ (Farbar) C:\Users\Larry\Downloads\FRST64.exe
2014-02-06 22:18 - 2014-02-06 22:18 - 01166132 _____ () C:\Users\Larry\Downloads\AdwCleaner.exe
2014-02-06 22:18 - 2014-02-06 22:18 - 00000000 ____D () C:\AdwCleaner
2014-02-06 22:14 - 2014-02-06 22:14 - 04102371 _____ () C:\Users\Larry\Downloads\tdsskiller.zip
2014-02-06 22:14 - 2014-02-06 22:14 - 00030790 _____ () C:\Users\Larry\Desktop\minitoolboxResult.txt
2014-02-06 22:13 - 2014-02-06 22:13 - 00030790 _____ () C:\Users\Larry\Downloads\Result.txt
2014-02-06 22:12 - 2014-02-06 22:12 - 00982016 _____ (Farbar) C:\Users\Larry\Downloads\MiniToolBox.exe
2014-02-06 21:17 - 2014-02-06 21:17 - 00034892 _____ () C:\ComboFix.txt
2014-02-06 21:02 - 2014-02-06 21:03 - 00294376 _____ () C:\Windows\Minidump\020614-62306-01.dmp
2014-02-06 21:01 - 2014-02-06 21:01 - 810383678 _____ () C:\Windows\MEMORY.DMP
2014-02-06 21:01 - 2014-02-06 21:01 - 00000796 _____ () C:\Windows\PFRO.log
2014-02-06 20:59 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-06 20:59 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-06 20:59 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-06 20:59 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-06 20:59 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-06 20:59 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-06 20:59 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-06 20:59 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-06 20:58 - 2014-02-06 21:17 - 00000000 ____D () C:\Qoobox
2014-02-06 20:58 - 2014-02-06 21:16 - 00000000 ____D () C:\Windows\erdnt
2014-02-06 20:57 - 2014-02-06 20:57 - 05180173 ____R (Swearware) C:\Users\Larry\Downloads\ComboFix.exe
2014-02-06 20:30 - 2014-02-06 20:30 - 00002302 _____ () C:\Users\Larry\Desktop\RKreport[0]_S_02062014_203023.txt
2014-02-06 20:26 - 2014-02-06 20:30 - 00000000 ____D () C:\Users\Larry\Desktop\RK_Quarantine
2014-02-06 20:26 - 2014-02-06 20:26 - 03796480 _____ () C:\Users\Larry\Downloads\RogueKiller.exe
2014-02-06 19:49 - 2014-02-06 21:03 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-02-06 19:49 - 2014-02-06 21:03 - 00000372 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-02-06 19:49 - 2014-02-06 19:49 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rmv
2014-02-06 19:49 - 2014-02-06 19:49 - 00002666 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rel
2014-02-06 17:53 - 2014-02-06 17:53 - 00002221 _____ () C:\Users\Larry\Desktop\HP Support Assistant.lnk
2014-02-06 17:49 - 2014-02-06 17:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-03 16:48 - 2014-02-06 22:24 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Larry\Desktop\TDSSKiller.exe
2014-01-28 21:03 - 2014-01-28 21:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 21:03 - 2014-01-28 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 21:03 - 2014-01-28 21:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 20:53 - 2014-01-28 20:53 - 00921000 _____ (Oracle Corporation) C:\Users\Larry\Downloads\chromeinstall-7u51.exe
2014-01-28 20:45 - 2014-01-28 20:47 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-26 18:12 - 2014-02-06 21:02 - 00000056 _____ () C:\Windows\setupact.log
2014-01-26 18:12 - 2014-01-26 18:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-19 16:58 - 2014-01-19 16:58 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-19 16:58 - 2014-01-19 16:58 - 00002019 _____ () C:\ProgramData\Desktop\Adobe Reader X.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-02-07 07:51 - 2014-02-07 07:51 - 00029676 _____ () C:\Users\Larry\Downloads\FRST.txt
2014-02-07 07:51 - 2014-02-07 07:50 - 00000000 ____D () C:\FRST
2014-02-07 07:49 - 2014-02-07 07:49 - 02079744 _____ (Farbar) C:\Users\Larry\Downloads\FRST64.exe
2014-02-07 07:43 - 2009-07-13 21:13 - 00732264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 07:42 - 2012-09-23 07:19 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 07:42 - 2012-07-24 23:23 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001UA.job
2014-02-07 07:41 - 2012-12-07 21:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 07:41 - 2012-07-24 23:32 - 01745890 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 22:24 - 2014-02-03 16:48 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Larry\Desktop\TDSSKiller.exe
2014-02-06 22:18 - 2014-02-06 22:18 - 01166132 _____ () C:\Users\Larry\Downloads\AdwCleaner.exe
2014-02-06 22:18 - 2014-02-06 22:18 - 00000000 ____D () C:\AdwCleaner
2014-02-06 22:14 - 2014-02-06 22:14 - 04102371 _____ () C:\Users\Larry\Downloads\tdsskiller.zip
2014-02-06 22:14 - 2014-02-06 22:14 - 00030790 _____ () C:\Users\Larry\Desktop\minitoolboxResult.txt
2014-02-06 22:13 - 2014-02-06 22:13 - 00030790 _____ () C:\Users\Larry\Downloads\Result.txt
2014-02-06 22:12 - 2014-02-06 22:12 - 00982016 _____ (Farbar) C:\Users\Larry\Downloads\MiniToolBox.exe
2014-02-06 21:48 - 2013-12-21 11:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-06 21:32 - 2012-09-23 07:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 21:31 - 2012-07-24 23:23 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001Core.job
2014-02-06 21:17 - 2014-02-06 21:17 - 00034892 _____ () C:\ComboFix.txt
2014-02-06 21:17 - 2014-02-06 20:58 - 00000000 ____D () C:\Qoobox
2014-02-06 21:17 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-02-06 21:16 - 2014-02-06 20:58 - 00000000 ____D () C:\Windows\erdnt
2014-02-06 21:16 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-06 21:14 - 2009-07-13 20:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 21:14 - 2009-07-13 20:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 21:05 - 2013-12-22 18:26 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-06 21:03 - 2014-02-06 21:02 - 00294376 _____ () C:\Windows\Minidump\020614-62306-01.dmp
2014-02-06 21:03 - 2014-02-06 19:49 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-02-06 21:03 - 2014-02-06 19:49 - 00000372 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-02-06 21:02 - 2014-01-26 18:12 - 00000056 _____ () C:\Windows\setupact.log
2014-02-06 21:02 - 2013-04-24 09:01 - 00000000 ____D () C:\Windows\Minidump
2014-02-06 21:02 - 2013-01-24 00:44 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForLarry.job
2014-02-06 21:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 21:01 - 2014-02-06 21:01 - 810383678 _____ () C:\Windows\MEMORY.DMP
2014-02-06 21:01 - 2014-02-06 21:01 - 00000796 _____ () C:\Windows\PFRO.log
2014-02-06 20:57 - 2014-02-06 20:57 - 05180173 ____R (Swearware) C:\Users\Larry\Downloads\ComboFix.exe
2014-02-06 20:39 - 2012-07-25 21:33 - 00000000 ____D () C:\Users\Larry\Desktop\WORK
2014-02-06 20:30 - 2014-02-06 20:30 - 00002302 _____ () C:\Users\Larry\Desktop\RKreport[0]_S_02062014_203023.txt
2014-02-06 20:30 - 2014-02-06 20:26 - 00000000 ____D () C:\Users\Larry\Desktop\RK_Quarantine
2014-02-06 20:26 - 2014-02-06 20:26 - 03796480 _____ () C:\Users\Larry\Downloads\RogueKiller.exe
2014-02-06 20:21 - 2013-11-17 08:15 - 00000000 ____D () C:\Users\Larry\Desktop\backups
2014-02-06 20:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-06 20:14 - 2013-05-12 21:53 - 00021395 _____ () C:\Users\Larry\Desktop\hijackthis.log
2014-02-06 19:56 - 2012-07-24 23:38 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C276508-1B6D-4F9E-87CD-0E128A22FEDD}
2014-02-06 19:49 - 2014-02-06 19:49 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rmv
2014-02-06 19:49 - 2014-02-06 19:49 - 00002666 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rel
2014-02-06 17:54 - 2013-01-24 00:44 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLarry
2014-02-06 17:53 - 2014-02-06 17:53 - 00002221 _____ () C:\Users\Larry\Desktop\HP Support Assistant.lnk
2014-02-06 17:53 - 2012-02-17 16:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-06 17:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-02-06 17:50 - 2012-02-17 15:55 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-06 17:49 - 2014-02-06 17:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-06 17:47 - 2012-07-24 23:35 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\hpqlog
2014-02-06 17:47 - 2012-02-17 16:11 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-06 17:47 - 2011-02-10 11:23 - 00000000 ____D () C:\SWSetup
2014-02-05 19:14 - 2012-12-07 21:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 19:14 - 2012-02-17 15:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 19:14 - 2012-02-17 15:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-03 07:56 - 2012-11-15 22:39 - 00000154 _____ () C:\Users\Larry\AppData\default.pls
2014-02-03 07:55 - 2012-09-03 23:23 - 00000116 _____ () C:\Windows\NeroDigital.ini
2014-02-02 19:56 - 2012-10-01 22:23 - 00000000 ____D () C:\Users\Larry\Documents\My Scans
2014-02-01 18:06 - 2012-07-29 08:41 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLARRY-HP$
2014-02-01 18:06 - 2012-07-29 08:41 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForLARRY-HP$.job
2014-02-01 13:24 - 2013-01-12 20:17 - 00000000 ____D () C:\Users\Larry\Desktop\shrunk movie
2014-02-01 13:23 - 2012-10-13 12:36 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-01-30 20:45 - 2012-07-29 08:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-30 20:45 - 2012-07-25 21:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-28 21:04 - 2013-11-16 15:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 21:03 - 2014-01-28 21:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 21:03 - 2014-01-28 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 21:03 - 2014-01-28 21:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 20:53 - 2014-01-28 20:53 - 00921000 _____ (Oracle Corporation) C:\Users\Larry\Downloads\chromeinstall-7u51.exe
2014-01-28 20:47 - 2014-01-28 20:45 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 20:47 - 2013-03-06 21:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-26 18:12 - 2014-01-26 18:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-25 09:44 - 2012-07-29 11:47 - 00000000 ____D () C:\Users\Larry\AppData\Local\CrashDumps
2014-01-25 09:20 - 2013-12-22 20:41 - 00001276 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-01-25 09:20 - 2013-12-22 20:41 - 00001276 _____ () C:\ProgramData\Desktop\Cloud System Booster.lnk
2014-01-19 16:58 - 2014-01-19 16:58 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-19 16:58 - 2014-01-19 16:58 - 00002019 _____ () C:\ProgramData\Desktop\Adobe Reader X.lnk
2014-01-17 08:01 - 2012-08-23 22:31 - 00000000 ____D () C:\Users\Larry\Documents\DVDFab
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-30 21:46
 
==================== End Of Log ============================
 
 
AND
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by Larry at 2014-02-07 07:51:22
Running from C:\Users\Larry\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112 - Adobe Systems, Inc.)
Anvi AD Blocker 2.2 (x32 Version: 2.2 - Anvisoft)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 5 (x32 Version: 5.3.1.146 - ArcSoft)
ArcSoft TotalMedia Theatre 5 (x32 Version: 5.3.1.146 - ArcSoft) Hidden
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
AVG 2014 (Version: 14.0.3697 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.229 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.229 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.229 - AVG) Hidden
AVG SafeGuard toolbar (x32 Version: 17.3.1.204 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (x32 Version: 2.2.8530 - K-NFB Reading Technology, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon Easy-WebPrint EX (x32 Version:  - )
Canon IJ Network Scanner Selector EX (x32 Version:  - )
Canon IJ Network Tool (x32 Version:  - )
Canon MP Navigator EX 5.1 (x32 Version:  - )
Canon MX430 series MP Drivers (Version:  - )
Canon MX430 series On-screen Manual (x32 Version:  - )
Canon MX430 series User Registration (x32 Version:  - )
Canon My Printer (x32 Version:  - )
Canon Solution Menu EX (x32 Version:  - )
Canon Speed Dial Utility (x32 Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cloud System Booster (x32 Version: 3.1 - Anvisoft)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (x32 Version: 10.0.5.3817 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.5.3817 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (x32 Version: 12.0.2118.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2118.57 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Decrypter (Remove Only) (x32 Version:  - )
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
DVDFab 6.2.1.8 (31/12/2009) (x32 Version:  - Fengtao Software Inc.)
DVDFab 8.0.8.5 (19/03/2011) (x32 Version:  - Fengtao Software Inc.)
DVDFab 8.2.2.9 (18/06/2013) Qt (x32 Version:  - Fengtao Software Inc.)
ESU for Microsoft Windows 7 SP1 (x32 Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free MP3 Cutter 1.01 (x32 Version:  - PolySoft Solutions)
GetSavin (x32 Version: 1.1361393456 - Adpeak, Inc.)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Application Assistant (Version: 1.1.466.3970 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (x32 Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.2.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Launch Box (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.096 - Hewlett-Packard) Hidden
HP MovieStore (x32 Version: 2.1.21096.0 - Hewlett-Packard Company)
HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (x32 Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass (x32 Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6418.0 - IDT)
Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Motorola Device Manager (x32 Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.2.0 (Version: 6.2.0 - Motorola Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nero 7 Premium (x32 Version: 7.02.8039 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Control Panel 311.00 (Version: 311.00 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.00 (Version: 311.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PowerCinema NE for Everio (x32 Version:  - )
PowerDirector Express (x32 Version:  - )
PowerProducer (x32 Version: 074511a(3.7)_Vista_JVC - CyberLink Corp.)
QuickTime (x32 Version: 7.71.80.42 - Apple Inc.)
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (x32 Version: 5.0.33.1 - Mediatek)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SoulSeek 157 NS 13e (x32 Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (Version: 4.4.234.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (x32 Version: 1.0.1 - VideoLAN Team)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
12-01-2014 18:39:57 Scheduled Checkpoint
22-01-2014 05:10:47 Scheduled Checkpoint
25-01-2014 17:20:56 Anvi CSB 3.1
29-01-2014 04:45:07 Installed Java 7 Update 51
29-01-2014 05:02:34 Removed Java 7 Update 51
29-01-2014 05:03:10 Installed Java 7 Update 51
06-02-2014 06:35:00 Scheduled Checkpoint
07-02-2014 01:49:35 Installed HP Support Assistant
07-02-2014 01:52:17 Windows Modules Installer
07-02-2014 01:53:00 Windows Modules Installer
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2014-02-06 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {056B7C2E-061D-44A6-9E44-DACF63E46A64} - System32\Tasks\HPCeeScheduleForLarry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {157B73ED-72E1-4A0C-9E3B-1D0C5E3C962A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {1F6EAAA9-A9F0-4EFD-B406-3CBBAF577A5F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2980E2D8-C86F-4C99-BAAC-1194C382687F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {32668CB0-112D-4716-AFA1-A8D13B85A2E8} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2014-02-06] ()
Task: {4D887400-2E0B-4FC2-A875-5E0D488A3624} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {547A3575-0FB6-4447-A406-30B8D6C6B184} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2014-02-06] ()
Task: {5ADAFEC8-D488-4C2B-8735-F6EC4971F1A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6DAB3E64-1044-4D42-A83D-9E9566A79E34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7C6C2751-2A9E-4891-B2E4-D93395E2CAF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001UA => C:\Users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24] (Google Inc.)
Task: {845A2334-6832-4C63-A415-3CFC346AB2CC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-10-30] (AVG)
Task: {873D2614-698B-486C-A522-80BE6E84FA8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {8B42E8B8-A39A-4E87-B16C-76863FCB4142} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {9BE05C8A-0ADA-4971-A313-BC39BA1BDDE8} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {AE1A7E1F-C2F1-4B8A-A381-4F37876C01EC} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {B0C54E9A-F457-43BB-B355-E9AFE1422D2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001Core => C:\Users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24] (Google Inc.)
Task: {C75A0197-EB44-4499-B8F2-B6AAA440CC98} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C99E7DDB-8781-497E-B635-1707E3108C5F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {CC84C954-6B6D-4535-BF50-53E002219FBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {D50FAA62-E486-4E86-8CF3-B51FA4F112EB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D626534E-98F4-4B2B-B3FD-24626CA440ED} - System32\Tasks\Test TimeTrigger => C:\Users\Larry\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {E4A7B208-639F-4A3B-8E5E-4D4926D0EEB7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E8B222A2-3C47-4806-A6B6-FC5EFD03B9EE} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {EB318837-3424-4FBF-A8B9-797F44E1AC8A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F3FC4F36-8B69-4D40-8AB3-E859D04B3925} - System32\Tasks\HPCeeScheduleForLARRY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {FEE3DC29-3C2E-40C3-8A90-F3CD75E7218D} - System32\Tasks\Google Updater and Installer => C:\Users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001Core.job => C:\Users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3360304057-3309776956-2648380921-1001UA.job => C:\Users\Larry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLARRY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLarry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-17 19:41 - 2012-01-18 15:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-13 23:00 - 2013-06-13 23:00 - 00785104 _____ () C:\Program Files (x86)\Anvisoft\Anvi AD Blocker\sqlite3.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-20 13:35 - 2013-06-20 13:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-01-05 08:32 - 2014-01-05 08:32 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-12-23 17:26 - 2013-12-23 17:26 - 00018616 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\Public.dll
2013-11-27 01:33 - 2013-11-27 01:33 - 00156344 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\ui.dll
2013-11-27 01:33 - 2013-11-27 01:33 - 00090808 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\libglognc.dll
2013-12-23 17:26 - 2013-12-23 17:26 - 00028856 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\TestExtention.dll
2013-03-20 20:33 - 2007-11-01 16:13 - 00012288 ____N () C:\Program Files (x86)\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
2013-11-15 00:59 - 2013-11-15 00:59 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\9f8bf2460240cf830301102ce8a45366\PSIClient.ni.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 15:46 - 2012-02-22 15:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 21:40 - 2012-01-05 21:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2012-07-17 19:41 - 2012-10-24 16:42 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-05 19:16 - 2014-02-01 15:41 - 00715592 _____ () C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-05 19:16 - 2014-02-01 15:41 - 00100168 _____ () C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-05 19:16 - 2014-02-01 15:42 - 04055368 _____ () C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-05 19:16 - 2014-02-01 15:42 - 00399688 _____ () C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-05 19:16 - 2014-02-01 15:41 - 01634632 _____ () C:\Users\Larry\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2014 07:41:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33408862
 
Error: (02/07/2014 07:41:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33408862
 
Error: (02/07/2014 07:41:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/06/2014 10:25:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3074
 
Error: (02/06/2014 10:25:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3074
 
Error: (02/06/2014 10:25:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/06/2014 10:24:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (02/06/2014 10:24:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (02/06/2014 10:24:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/06/2014 10:24:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
System errors:
=============
Error: (02/06/2014 09:16:15 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/06/2014 09:15:45 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/06/2014 09:12:28 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/06/2014 09:05:16 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (02/06/2014 09:05:16 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/06/2014 09:04:47 PM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error: 
%%1053
 
Error: (02/06/2014 09:04:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
 
Error: (02/06/2014 09:04:15 PM) (Source: DCOM) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}
 
Error: (02/06/2014 09:04:15 PM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error: 
%%1053
 
Error: (02/06/2014 09:04:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-06 21:15:45.244
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-06 21:15:45.202
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-08 19:58:40.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-08 19:58:40.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-08 19:58:40.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-08 19:58:40.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-08 19:58:40.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-08 19:58:40.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 00:18:03.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 00:18:03.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 8087.31 MB
Available physical RAM: 4924.3 MB
Total Pagefile: 16172.8 MB
Available Pagefile: 12529.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:909.56 GB) (Free:735.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.66 GB) (Free:2.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 84CA151B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
 
==================== End Of Log ============================


#4 larrythehandyman

larrythehandyman
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 07 February 2014 - 10:58 AM

sorry i forgot to mention im running Adblock Plus in my browser to alleviate these pop ups for now. The ABP and hand shaped stop signs as well as the EYE have numbers under them which constantly grow. i think these are the pop ups being stopped. right?



#5 aharonov

aharonov

  • Malware Response Team
  • 2,384 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:25 PM

Posted 10 February 2014 - 04:11 AM

Sorry for the delay.
Is only Google Chrome affected or Internet Explorer too?
How is it going after the following fix?


Please download this attached Attached File  fixlist.txt   568bytes   0 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.


#6 aharonov

aharonov

  • Malware Response Team
  • 2,384 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:25 PM

Posted 04 March 2014 - 11:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users