
.exe virus, windows shuts down automatically problems.


  • This topic is locked
15 replies to this topic

#1 jeffm518

jeffm518

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 22 April 2013 - 02:19 PM

Hello all, I am new here and I recently got a virus, first it was a .exe virus in which no files could open up for it so I had to start my laptop (HP) in safe mode and do a system restore.

 

Now whenever I am online my laptop will shut down after about 40 minutes and start back up. I get a blue screen then it shuts off. When that happens my laptop will not remember any user name on sites I go to.

 

Anyone have any idea what it can be?

 

Also for the virus scan I use the AVG antivirus/internet security/pc tune up as well.

 

Thanks, Jeff.




 


#2 jeffm518

jeffm518
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 22 April 2013 - 07:21 PM

Additional information about the problem:

  BCCode:             109

  BCP1:  A3A039D898F57C00

  BCP2:  B3B7465EEB73B866

  BCP3:  FFFFF80000B96BB0

  BCP4:  0000000000000006

  OS Version:      6_1_7600

  Service Pack:    0_0

  Product:             768_1

 

 

This is what pops up when my laptop starts back up:

 

Problem Signature:

 

Problem name Event-blueScreen

os version : 6.1.7600.2.0.0.768.3

locale ID- 1033



#3 jeffm518

jeffm518
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 24 April 2013 - 02:04 PM

I now seem to have somewhat fixed it, now I just get weird pop-ups, and my laptop shuts off after about 50 minutes online.



#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:37 PM

Posted 26 April 2013 - 01:58 PM

Hi jeffm518,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#5 jeffm518

jeffm518
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 26 April 2013 - 11:42 PM

 Tool (FRST.txt) (x64) Version: 27-04-2013 04
Ran by Jeff (administrator) on 26-04-2013 21:37:34
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI3FA5L2
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Farbar) C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI3FA5L2\FRST64[1].exe

HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1726377485-510308449-175612054-1000\$02815385b3dcaa2ca0832e509dc82d52\n. ATTENTION! ====> ZeroAccess
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$02815385b3dcaa2ca0832e509dc82d52\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKLM - {3466FAF9-4F32-4E04-A647-7D60C101D440} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {6F017545-F2B2-4B54-8D91-DF52937F102E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {F9C4E365-FA74-4844-90C4-BF56BCCBFA72} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {3466FAF9-4F32-4E04-A647-7D60C101D440} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {6F017545-F2B2-4B54-8D91-DF52937F102E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {F9C4E365-FA74-4844-90C4-BF56BCCBFA72} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {3466FAF9-4F32-4E04-A647-7D60C101D440} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {6F017545-F2B2-4B54-8D91-DF52937F102E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2F8C2821-6D00-46F8-9851-7BE85AB40C85}&mid=2be28263563347d09d2eb5781686dd67-547ee5186b3c18f3ea7c99382a5b353053af8c8f&lang=en&ds=AVG&pr=pr&d=2013-01-16 15:31:51&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A775ECB3-729A-41DD-88DD-F21D12236511} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=A06E5B06-E385-4F1D-B4DF-BBA93D00DD0B&apn_sauid=8D1ED4B3-8C0B-4EAF-A73A-BEB0D017891E
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
SearchScopes: HKCU - {F9C4E365-FA74-4844-90C4-BF56BCCBFA72} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
PDF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
PDF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 01 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll [65024] (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 65.183.192.253 65.183.192.254 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2149480 2012-07-30] (AVG)
R2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-11-22] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130104.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130104.032\ENG64.SYS [126112 2012-11-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130104.032\EX64.SYS [2084000 2012-11-22] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-04] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S0 AFS; No ImagePath
S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [x]
R1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [x]
R0 SymDS; system32\drivers\N360x64\0502020.003\SYMDS64.SYS [x]
R0 SymEFA; system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [x]
R1 SymIRON; \SystemRoot\system32\drivers\N360x64\0502020.003\Ironx64.SYS [x]
R1 SymNetS; \SystemRoot\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-26 21:37 - 2013-04-26 21:37 - 00000000 ____D C:\FRST
2013-04-26 21:29 - 2013-04-26 21:29 - 00277168 ____A C:\Windows\Minidump\042613-34226-01.dmp
2013-04-26 21:14 - 2013-04-26 21:14 - 00277168 ____A C:\Windows\Minidump\042613-38735-01.dmp
2013-04-26 20:31 - 2013-04-26 20:32 - 00000000 ____D C:\Users\Jeff\AppData\Local\{093E8E07-9AE5-46CA-B61B-43F9C7BB6EFE}
2013-04-25 21:36 - 2013-04-25 21:36 - 00277168 ____A C:\Windows\Minidump\042513-39171-01.dmp
2013-04-25 20:54 - 2013-04-25 20:54 - 00000000 ____D C:\Users\Jeff\AppData\Local\{AA7F82F3-2CD9-4713-B2CA-F78FC5171156}
2013-04-25 20:52 - 2013-04-25 20:52 - 00277168 ____A C:\Windows\Minidump\042513-37705-01.dmp
2013-04-25 19:47 - 2013-04-25 19:47 - 00002185 ____A C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2013-04-25 19:47 - 2013-04-25 19:47 - 00002137 ____A C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-04-25 19:47 - 2012-07-30 13:56 - 00036456 ____A (AVG) C:\Windows\System32\TURegOpt.exe
2013-04-25 19:47 - 2012-07-30 13:55 - 00027752 ____A (AVG) C:\Windows\System32\authuitu.dll
2013-04-25 19:47 - 2012-07-30 13:55 - 00023144 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
2013-04-25 19:32 - 2012-08-13 12:27 - 04404648 ____A (AVG Technologies) C:\Users\Jeff\Documents\avg_avc_stb_all_2013_2615.exe
2013-04-25 15:48 - 2013-04-25 15:48 - 00277168 ____A C:\Windows\Minidump\042513-31949-01.dmp
2013-04-25 15:33 - 2013-04-25 15:34 - 00277168 ____A C:\Windows\Minidump\042513-33992-01.dmp
2013-04-25 14:49 - 2013-04-25 14:49 - 00277168 ____A C:\Windows\Minidump\042513-33696-01.dmp
2013-04-25 09:11 - 2013-04-25 09:11 - 00277168 ____A C:\Windows\Minidump\042513-33399-01.dmp
2013-04-25 08:55 - 2013-04-25 08:55 - 00277168 ____A C:\Windows\Minidump\042513-35427-01.dmp
2013-04-25 08:42 - 2013-04-25 08:42 - 00000000 ____D C:\Users\Jeff\AppData\Local\{53012417-014F-4360-BC8A-4CD536D7912A}
2013-04-24 22:24 - 2013-04-24 22:24 - 00277168 ____A C:\Windows\Minidump\042413-36379-01.dmp
2013-04-24 22:10 - 2013-04-24 22:10 - 00277168 ____A C:\Windows\Minidump\042413-34538-01.dmp
2013-04-24 21:25 - 2013-04-24 21:25 - 00277168 ____A C:\Windows\Minidump\042413-36441-01.dmp
2013-04-24 20:39 - 2013-04-24 20:39 - 00277168 ____A C:\Windows\Minidump\042413-31543-01.dmp
2013-04-24 19:54 - 2013-04-24 19:55 - 00277168 ____A C:\Windows\Minidump\042413-33540-01.dmp
2013-04-24 19:10 - 2013-04-24 19:10 - 00277168 ____A C:\Windows\Minidump\042413-35677-01.dmp
2013-04-24 18:26 - 2013-04-24 18:26 - 00277168 ____A C:\Windows\Minidump\042413-39296-01.dmp
2013-04-24 11:54 - 2013-04-24 11:54 - 00012781 ____A C:\Users\Jeff\Desktop\hs_err_pid4228.log
2013-04-24 11:45 - 2013-04-24 11:45 - 00277168 ____A C:\Windows\Minidump\042413-35256-01.dmp
2013-04-24 11:30 - 2013-04-24 11:30 - 00277168 ____A C:\Windows\Minidump\042413-36051-01.dmp
2013-04-24 11:17 - 2013-04-24 11:17 - 00000000 ____D C:\Users\Jeff\AppData\Local\{1DB759E1-61F2-4CAF-9A03-3A2740C0F3AE}
2013-04-23 22:11 - 2013-04-23 22:11 - 00277168 ____A C:\Windows\Minidump\042313-44850-01.dmp
2013-04-23 21:29 - 2013-04-23 21:29 - 00000000 ____D C:\Users\Jeff\AppData\Local\{603486CB-D58C-4A3C-A9B0-80EE5393914B}
2013-04-23 21:26 - 2013-04-26 21:29 - 388721168 ____A C:\Windows\MEMORY.DMP
2013-04-23 21:26 - 2013-04-23 21:27 - 00277168 ____A C:\Windows\Minidump\042313-45380-01.dmp
2013-04-23 21:14 - 2013-04-23 21:14 - 00000000 ____D C:\Users\Jeff\AppData\Local\{745E2193-CFA1-40D1-9E4A-A10B0DA2AFA4}
2013-04-23 20:24 - 2013-04-23 20:24 - 00277168 ____A C:\Windows\Minidump\042313-31574-01.dmp
2013-04-23 19:15 - 2013-04-23 21:10 - 00000000 ____D C:\Program Files (x86)\Skype
2013-04-23 19:15 - 2013-04-23 21:09 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Skype
2013-04-23 19:10 - 2013-04-23 19:11 - 00000000 ____D C:\Users\Jeff\AppData\Local\{18283345-6CB0-488D-9B3C-503F130DF810}
2013-04-23 08:49 - 2013-04-23 08:49 - 00000000 ____D C:\Users\Jeff\AppData\Local\{AC1588CA-2399-4552-A651-FD1346B5A32F}
2013-04-22 20:00 - 2013-04-23 18:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-22 11:46 - 2013-04-22 11:46 - 00000000 ____D C:\Users\Jeff\AppData\Local\{593A4257-CA82-4844-83E0-7F8FF3AE5DE7}
2013-04-21 23:46 - 2013-04-21 23:46 - 00000000 ____D C:\Users\Jeff\AppData\Local\{8A513F17-B2EA-4333-A178-55BAEFB07E2D}
2013-04-20 23:30 - 2013-04-20 23:31 - 00000000 ____D C:\Users\Jeff\AppData\Local\{1E8D14D3-3AC6-4ADB-A9D1-4AC45E2149E9}
2013-04-20 05:01 - 2013-04-26 21:29 - 00000000 ____D C:\Windows\Minidump
2013-04-20 04:05 - 2013-04-20 04:06 - 00000000 ____D C:\Users\Jeff\AppData\Local\{B9452ED9-B717-46E5-8987-119CA438DC2D}
2013-04-19 11:14 - 2013-04-19 11:14 - 00000000 ____D C:\Users\Jeff\AppData\Local\{DCCFAE3A-C05B-46F4-90FE-E968C82C0D40}
2013-04-18 15:42 - 2013-04-18 15:42 - 00000000 ____D C:\Users\Jeff\AppData\Local\{928A8240-D3DC-4563-8C37-ED28DD32F10D}
2013-04-17 22:20 - 2013-04-17 22:20 - 00000000 ____D C:\Users\Jeff\AppData\Local\{14CFA314-F6F0-4185-B9D9-6C6BDCEC27B3}
2013-04-17 10:19 - 2013-04-17 10:19 - 00000000 ____D C:\Users\Jeff\AppData\Local\{BEFBFC4C-0166-4C90-97B0-3C117815300F}
2013-04-16 20:41 - 2013-04-16 20:41 - 00000000 ____D C:\Users\Jeff\AppData\Local\{9A9178E8-44C4-4D4A-8726-A8E0581B83C4}
2013-04-16 08:40 - 2013-04-16 08:41 - 00000000 ____D C:\Users\Jeff\AppData\Local\{FF0FC3E9-63B0-43B2-AAC0-C91AF67023F6}
2013-04-15 17:52 - 2013-04-15 17:52 - 00000000 ____D C:\Users\Jeff\2013-04-15
2013-04-15 17:38 - 2013-04-15 17:38 - 00000000 ____D C:\Users\Jeff\AppData\Local\{D9CF6A9A-BF12-4869-A731-BC5E7A264418}
2013-04-14 23:18 - 2013-04-14 23:18 - 00000000 ____D C:\Users\Jeff\AppData\Local\{99FCE20F-522C-4E0A-B32E-9DA1E968A185}
2013-04-13 23:36 - 2013-04-13 23:36 - 00000000 ____D C:\Users\Jeff\AppData\Local\{4182CE2E-CCC9-4C61-B732-0E627DA4792A}
2013-04-13 06:07 - 2013-04-13 06:07 - 00000000 ____D C:\Users\Jeff\AppData\Local\{E0FD9AA8-C43B-45C5-AB97-143B69B96D79}
2013-04-12 14:59 - 2013-04-12 14:59 - 00000000 ____D C:\Users\Jeff\2013-04-12
2013-04-12 12:20 - 2013-04-12 12:20 - 00000000 ____D C:\Users\Jeff\AppData\Local\{DC72437B-7D41-4548-BE90-3A32D8299922}
2013-04-12 00:19 - 2013-04-12 00:19 - 00000000 ____D C:\Users\Jeff\AppData\Local\{B28D2E35-0D53-46E6-93A9-66CDD2FB6733}
2013-04-11 10:59 - 2013-04-11 10:59 - 00000000 ____D C:\Users\Jeff\2013-04-11
2013-04-11 10:39 - 2013-04-11 10:39 - 00000000 ____D C:\Users\Jeff\AppData\Local\{6015AEE4-C809-4C28-9F7D-D5024F4A0979}
2013-04-10 18:17 - 2013-04-10 18:17 - 00000000 ____D C:\Users\Jeff\AppData\Local\{375AE6FC-9859-4046-A7F6-0AB145B81FE1}
2013-04-09 20:48 - 2013-04-09 20:48 - 00000000 ____D C:\Users\Jeff\AppData\Local\{7D9130AD-AC0E-4D38-8D31-EBE3DE2497A0}
2013-04-09 08:47 - 2013-04-09 08:47 - 00000000 ____D C:\Users\Jeff\AppData\Local\{6C5D3292-DFDE-4DE7-8429-7F0C55BB5DD3}
2013-04-08 11:40 - 2013-04-08 11:40 - 00000000 ____D C:\Users\Jeff\AppData\Local\{9F4C490C-2FBA-4822-9114-1D2387475E6E}
2013-04-07 23:39 - 2013-04-07 23:39 - 00000000 ____D C:\Users\Jeff\AppData\Local\{2C2EDC2F-5562-49DB-89CF-6463000B02CC}
2013-04-06 23:28 - 2013-04-06 23:28 - 00000000 ____D C:\Users\Jeff\AppData\Local\{9898D9CE-5A25-447A-9DBE-EC212B69B972}
2013-04-06 08:39 - 2013-04-06 08:39 - 00000000 ____D C:\Users\Jeff\AppData\Local\{CE9338F6-A255-426C-A9B4-E676AEB44137}
2013-04-05 10:50 - 2013-04-05 10:50 - 00000000 ____D C:\Users\Jeff\AppData\Local\{A902C259-B1CF-4817-9E8E-0FC289E3022E}
2013-04-04 22:16 - 2013-04-04 22:16 - 00000000 ____D C:\Users\Jeff\AppData\Local\{3C1DDA1B-4ADD-49BB-AD6A-DB4203775F09}
2013-04-04 10:15 - 2013-04-04 10:15 - 00000000 ____D C:\Users\Jeff\AppData\Local\{2FFA3226-FE9F-45A8-BE80-1F1B3D5A6855}
2013-04-03 10:19 - 2013-04-03 10:19 - 00000000 ____D C:\Users\Jeff\AppData\Local\{E106E764-3814-48F7-86EB-B483D2A6D7B1}
2013-04-02 20:44 - 2013-04-02 20:45 - 00000000 ____D C:\Users\Jeff\AppData\Local\{83AEBA04-91F1-4B12-8F1F-A344E0D27383}
2013-04-02 08:44 - 2013-04-02 08:44 - 00000000 ____D C:\Users\Jeff\AppData\Local\{595E25BD-4816-458E-8926-7695EDC370B6}
2013-04-01 18:35 - 2013-04-01 18:40 - 00016026 ____A C:\Users\Jeff\Documents\EMPLOYMENT_APPLICATION-fillable_9_12[1].txt
2013-04-01 11:32 - 2013-04-01 11:32 - 00000000 ____D C:\Users\Jeff\AppData\Local\{672D78A8-1DD2-4BA9-B86C-85C5855C2D04}
2013-03-31 23:31 - 2013-03-31 23:31 - 00000000 ____D C:\Users\Jeff\AppData\Local\{A6ED6863-3F0D-4A9D-8FA6-7B6F76B86623}
2013-03-30 23:24 - 2013-03-30 23:24 - 00000000 ____D C:\Users\Jeff\AppData\Local\{08788E35-F8AA-44A9-A6B0-2A848F2E8FD6}
2013-03-30 09:31 - 2013-03-30 09:31 - 00000000 ____D C:\Users\Jeff\AppData\Local\{84CB8928-6F80-475E-8DAD-B09B3919DCBC}
2013-03-29 21:23 - 2013-03-29 21:23 - 00000000 ____D C:\Users\Jeff\AppData\Local\{81490D21-CC0D-44A5-83F4-E9F55B1D025C}
2013-03-29 21:17 - 2013-03-29 21:17 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-03-29 09:23 - 2013-03-29 09:23 - 00000000 ____D C:\Users\Jeff\AppData\Local\{06AB3D85-7834-4D79-8EB3-8527444D5D49}
2013-03-28 21:08 - 2013-03-28 21:08 - 00000000 ____D C:\Users\Jeff\AppData\Local\{8A8481EB-8ED8-4C46-B3ED-01BD07408628}
2013-03-28 09:07 - 2013-03-28 09:07 - 00000000 ____D C:\Users\Jeff\AppData\Local\{5D8E760C-2269-449D-BF75-4D6A72EC9BC8}
2013-03-27 21:07 - 2013-03-27 21:07 - 00000000 ____D C:\Users\Jeff\AppData\Local\{5C3AE1DC-757A-453A-88F1-01FA9D4B9B86}
2013-03-27 09:06 - 2013-03-27 09:06 - 00000000 ____D C:\Users\Jeff\AppData\Local\{A3094CB9-50BD-4B1C-87CA-A2A4AC44BDB4}

==================== One Month Modified Files and Folders =======

2013-04-26 21:37 - 2013-04-26 21:37 - 00000000 ____D C:\FRST
2013-04-26 21:29 - 2013-04-26 21:29 - 00277168 ____A C:\Windows\Minidump\042613-34226-01.dmp
2013-04-26 21:29 - 2013-04-23 21:26 - 388721168 ____A C:\Windows\MEMORY.DMP
2013-04-26 21:29 - 2013-04-20 05:01 - 00000000 ____D C:\Windows\Minidump
2013-04-26 21:29 - 2012-10-07 04:07 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-26 21:29 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-26 21:29 - 2009-07-13 21:51 - 00230900 ____A C:\Windows\setupact.log
2013-04-26 21:23 - 2012-10-07 04:07 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-26 21:23 - 2009-07-13 21:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-26 21:23 - 2009-07-13 21:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-26 21:14 - 2013-04-26 21:14 - 00277168 ____A C:\Windows\Minidump\042613-38735-01.dmp
2013-04-26 20:44 - 2012-08-24 10:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-26 20:32 - 2013-04-26 20:31 - 00000000 ____D C:\Users\Jeff\AppData\Local\{093E8E07-9AE5-46CA-B61B-43F9C7BB6EFE}
2013-04-25 21:36 - 2013-04-25 21:36 - 00277168 ____A C:\Windows\Minidump\042513-39171-01.dmp
2013-04-25 20:54 - 2013-04-25 20:54 - 00000000 ____D C:\Users\Jeff\AppData\Local\{AA7F82F3-2CD9-4713-B2CA-F78FC5171156}
2013-04-25 20:52 - 2013-04-25 20:52 - 00277168 ____A C:\Windows\Minidump\042513-37705-01.dmp
2013-04-25 19:47 - 2013-04-25 19:47 - 00002185 ____A C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2013-04-25 19:47 - 2013-04-25 19:47 - 00002137 ____A C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-04-25 15:48 - 2013-04-25 15:48 - 00277168 ____A C:\Windows\Minidump\042513-31949-01.dmp
2013-04-25 15:34 - 2013-04-25 15:33 - 00277168 ____A C:\Windows\Minidump\042513-33992-01.dmp
2013-04-25 14:49 - 2013-04-25 14:49 - 00277168 ____A C:\Windows\Minidump\042513-33696-01.dmp
2013-04-25 09:11 - 2013-04-25 09:11 - 00277168 ____A C:\Windows\Minidump\042513-33399-01.dmp
2013-04-25 08:55 - 2013-04-25 08:55 - 00277168 ____A C:\Windows\Minidump\042513-35427-01.dmp
2013-04-25 08:42 - 2013-04-25 08:42 - 00000000 ____D C:\Users\Jeff\AppData\Local\{53012417-014F-4360-BC8A-4CD536D7912A}
2013-04-24 22:24 - 2013-04-24 22:24 - 00277168 ____A C:\Windows\Minidump\042413-36379-01.dmp
2013-04-24 22:10 - 2013-04-24 22:10 - 00277168 ____A C:\Windows\Minidump\042413-34538-01.dmp
2013-04-24 21:25 - 2013-04-24 21:25 - 00277168 ____A C:\Windows\Minidump\042413-36441-01.dmp
2013-04-24 20:39 - 2013-04-24 20:39 - 00277168 ____A C:\Windows\Minidump\042413-31543-01.dmp
2013-04-24 19:55 - 2013-04-24 19:54 - 00277168 ____A C:\Windows\Minidump\042413-33540-01.dmp
2013-04-24 19:10 - 2013-04-24 19:10 - 00277168 ____A C:\Windows\Minidump\042413-35677-01.dmp
2013-04-24 18:26 - 2013-04-24 18:26 - 00277168 ____A C:\Windows\Minidump\042413-39296-01.dmp
2013-04-24 11:54 - 2013-04-24 11:54 - 00012781 ____A C:\Users\Jeff\Desktop\hs_err_pid4228.log
2013-04-24 11:45 - 2013-04-24 11:45 - 00277168 ____A C:\Windows\Minidump\042413-35256-01.dmp
2013-04-24 11:31 - 2013-01-19 17:41 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForJeff.job
2013-04-24 11:30 - 2013-04-24 11:30 - 00277168 ____A C:\Windows\Minidump\042413-36051-01.dmp
2013-04-24 11:17 - 2013-04-24 11:17 - 00000000 ____D C:\Users\Jeff\AppData\Local\{1DB759E1-61F2-4CAF-9A03-3A2740C0F3AE}
2013-04-23 22:11 - 2013-04-23 22:11 - 00277168 ____A C:\Windows\Minidump\042313-44850-01.dmp
2013-04-23 21:29 - 2013-04-23 21:29 - 00000000 ____D C:\Users\Jeff\AppData\Local\{603486CB-D58C-4A3C-A9B0-80EE5393914B}
2013-04-23 21:27 - 2013-04-23 21:26 - 00277168 ____A C:\Windows\Minidump\042313-45380-01.dmp
2013-04-23 21:14 - 2013-04-23 21:14 - 00000000 ____D C:\Users\Jeff\AppData\Local\{745E2193-CFA1-40D1-9E4A-A10B0DA2AFA4}
2013-04-23 21:12 - 2010-11-26 17:35 - 00000000 ____D C:\users\Jeff
2013-04-23 21:10 - 2013-04-23 19:15 - 00000000 ____D C:\Program Files (x86)\Skype
2013-04-23 21:10 - 2013-01-16 16:40 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\AVG2013
2013-04-23 21:10 - 2010-07-10 20:43 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-04-23 21:10 - 2010-07-10 19:06 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-23 21:10 - 2010-07-10 19:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-23 21:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-23 21:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-23 21:09 - 2013-04-23 19:15 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Skype
2013-04-23 21:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-04-23 20:24 - 2013-04-23 20:24 - 00277168 ____A C:\Windows\Minidump\042313-31574-01.dmp
2013-04-23 19:11 - 2013-04-23 19:10 - 00000000 ____D C:\Users\Jeff\AppData\Local\{18283345-6CB0-488D-9B3C-503F130DF810}
2013-04-23 18:36 - 2013-04-22 20:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-23 08:49 - 2013-04-23 08:49 - 00000000 ____D C:\Users\Jeff\AppData\Local\{AC1588CA-2399-4552-A651-FD1346B5A32F}
2013-04-22 11:46 - 2013-04-22 11:46 - 00000000 ____D C:\Users\Jeff\AppData\Local\{593A4257-CA82-4844-83E0-7F8FF3AE5DE7}
2013-04-22 00:49 - 2010-12-07 05:33 - 00000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
2013-04-21 23:46 - 2013-04-21 23:46 - 00000000 ____D C:\Users\Jeff\AppData\Local\{8A513F17-B2EA-4333-A178-55BAEFB07E2D}
2013-04-20 23:31 - 2013-04-20 23:30 - 00000000 ____D C:\Users\Jeff\AppData\Local\{1E8D14D3-3AC6-4ADB-A9D1-4AC45E2149E9}
2013-04-20 04:06 - 2013-04-20 04:05 - 00000000 ____D C:\Users\Jeff\AppData\Local\{B9452ED9-B717-46E5-8987-119CA438DC2D}
2013-04-19 21:50 - 2012-06-19 20:10 - 00000000 ____D C:\Users\Jeff\AppData\Local\Windows Live
2013-04-19 11:14 - 2013-04-19 11:14 - 00000000 ____D C:\Users\Jeff\AppData\Local\{DCCFAE3A-C05B-46F4-90FE-E968C82C0D40}
2013-04-18 15:42 - 2013-04-18 15:42 - 00000000 ____D C:\Users\Jeff\AppData\Local\{928A8240-D3DC-4563-8C37-ED28DD32F10D}
2013-04-17 22:20 - 2013-04-17 22:20 - 00000000 ____D C:\Users\Jeff\AppData\Local\{14CFA314-F6F0-4185-B9D9-6C6BDCEC27B3}
2013-04-17 10:19 - 2013-04-17 10:19 - 00000000 ____D C:\Users\Jeff\AppData\Local\{BEFBFC4C-0166-4C90-97B0-3C117815300F}
2013-04-16 20:41 - 2013-04-16 20:41 - 00000000 ____D C:\Users\Jeff\AppData\Local\{9A9178E8-44C4-4D4A-8726-A8E0581B83C4}
2013-04-16 08:41 - 2013-04-16 08:40 - 00000000 ____D C:\Users\Jeff\AppData\Local\{FF0FC3E9-63B0-43B2-AAC0-C91AF67023F6}
2013-04-15 17:52 - 2013-04-15 17:52 - 00000000 ____D C:\Users\Jeff\2013-04-15
2013-04-15 17:38 - 2013-04-15 17:38 - 00000000 ____D C:\Users\Jeff\AppData\Local\{D9CF6A9A-BF12-4869-A731-BC5E7A264418}
2013-04-14 23:18 - 2013-04-14 23:18 - 00000000 ____D C:\Users\Jeff\AppData\Local\{99FCE20F-522C-4E0A-B32E-9DA1E968A185}
2013-04-13 23:36 - 2013-04-13 23:36 - 00000000 ____D C:\Users\Jeff\AppData\Local\{4182CE2E-CCC9-4C61-B732-0E627DA4792A}
2013-04-13 06:07 - 2013-04-13 06:07 - 00000000 ____D C:\Users\Jeff\AppData\Local\{E0FD9AA8-C43B-45C5-AB97-143B69B96D79}
2013-04-12 14:59 - 2013-04-12 14:59 - 00000000 ____D C:\Users\Jeff\2013-04-12
2013-04-12 12:20 - 2013-04-12 12:20 - 00000000 ____D C:\Users\Jeff\AppData\Local\{DC72437B-7D41-4548-BE90-3A32D8299922}
2013-04-12 00:19 - 2013-04-12 00:19 - 00000000 ____D C:\Users\Jeff\AppData\Local\{B28D2E35-0D53-46E6-93A9-66CDD2FB6733}
2013-04-11 10:59 - 2013-04-11 10:59 - 00000000 ____D C:\Users\Jeff\2013-04-11
2013-04-11 10:39 - 2013-04-11 10:39 - 00000000 ____D C:\Users\Jeff\AppData\Local\{6015AEE4-C809-4C28-9F7D-D5024F4A0979}
2013-04-10 18:17 - 2013-04-10 18:17 - 00000000 ____D C:\Users\Jeff\AppData\Local\{375AE6FC-9859-4046-A7F6-0AB145B81FE1}
2013-04-09 20:48 - 2013-04-09 20:48 - 00000000 ____D C:\Users\Jeff\AppData\Local\{7D9130AD-AC0E-4D38-8D31-EBE3DE2497A0}
2013-04-09 08:47 - 2013-04-09 08:47 - 00000000 ____D C:\Users\Jeff\AppData\Local\{6C5D3292-DFDE-4DE7-8429-7F0C55BB5DD3}
2013-04-08 11:40 - 2013-04-08 11:40 - 00000000 ____D C:\Users\Jeff\AppData\Local\{9F4C490C-2FBA-4822-9114-1D2387475E6E}
2013-04-07 23:39 - 2013-04-07 23:39 - 00000000 ____D C:\Users\Jeff\AppData\Local\{2C2EDC2F-5562-49DB-89CF-6463000B02CC}
2013-04-06 23:28 - 2013-04-06 23:28 - 00000000 ____D C:\Users\Jeff\AppData\Local\{9898D9CE-5A25-447A-9DBE-EC212B69B972}
2013-04-06 08:39 - 2013-04-06 08:39 - 00000000 ____D C:\Users\Jeff\AppData\Local\{CE9338F6-A255-426C-A9B4-E676AEB44137}
2013-04-05 10:50 - 2013-04-05 10:50 - 00000000 ____D C:\Users\Jeff\AppData\Local\{A902C259-B1CF-4817-9E8E-0FC289E3022E}
2013-04-04 22:16 - 2013-04-04 22:16 - 00000000 ____D C:\Users\Jeff\AppData\Local\{3C1DDA1B-4ADD-49BB-AD6A-DB4203775F09}
2013-04-04 10:15 - 2013-04-04 10:15 - 00000000 ____D C:\Users\Jeff\AppData\Local\{2FFA3226-FE9F-45A8-BE80-1F1B3D5A6855}
2013-04-03 10:19 - 2013-04-03 10:19 - 00000000 ____D C:\Users\Jeff\AppData\Local\{E106E764-3814-48F7-86EB-B483D2A6D7B1}
2013-04-02 20:45 - 2013-04-02 20:44 - 00000000 ____D C:\Users\Jeff\AppData\Local\{83AEBA04-91F1-4B12-8F1F-A344E0D27383}
2013-04-02 08:44 - 2013-04-02 08:44 - 00000000 ____D C:\Users\Jeff\AppData\Local\{595E25BD-4816-458E-8926-7695EDC370B6}
2013-04-01 18:40 - 2013-04-01 18:35 - 00016026 ____A C:\Users\Jeff\Documents\EMPLOYMENT_APPLICATION-fillable_9_12[1].txt
2013-04-01 11:32 - 2013-04-01 11:32 - 00000000 ____D C:\Users\Jeff\AppData\Local\{672D78A8-1DD2-4BA9-B86C-85C5855C2D04}
2013-03-31 23:31 - 2013-03-31 23:31 - 00000000 ____D C:\Users\Jeff\AppData\Local\{A6ED6863-3F0D-4A9D-8FA6-7B6F76B86623}
2013-03-30 23:24 - 2013-03-30 23:24 - 00000000 ____D C:\Users\Jeff\AppData\Local\{08788E35-F8AA-44A9-A6B0-2A848F2E8FD6}
2013-03-30 09:31 - 2013-03-30 09:31 - 00000000 ____D C:\Users\Jeff\AppData\Local\{84CB8928-6F80-475E-8DAD-B09B3919DCBC}
2013-03-29 21:23 - 2013-03-29 21:23 - 00000000 ____D C:\Users\Jeff\AppData\Local\{81490D21-CC0D-44A5-83F4-E9F55B1D025C}
2013-03-29 21:17 - 2013-03-29 21:17 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-03-29 09:23 - 2013-03-29 09:23 - 00000000 ____D C:\Users\Jeff\AppData\Local\{06AB3D85-7834-4D79-8EB3-8527444D5D49}
2013-03-28 21:08 - 2013-03-28 21:08 - 00000000 ____D C:\Users\Jeff\AppData\Local\{8A8481EB-8ED8-4C46-B3ED-01BD07408628}
2013-03-28 09:07 - 2013-03-28 09:07 - 00000000 ____D C:\Users\Jeff\AppData\Local\{5D8E760C-2269-449D-BF75-4D6A72EC9BC8}
2013-03-27 21:07 - 2013-03-27 21:07 - 00000000 ____D C:\Users\Jeff\AppData\Local\{5C3AE1DC-757A-453A-88F1-01FA9D4B9B86}
2013-03-27 09:06 - 2013-03-27 09:06 - 00000000 ____D C:\Users\Jeff\AppData\Local\{A3094CB9-50BD-4B1C-87CA-A2A4AC44BDB4}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1726377485-510308449-175612054-1000\$02815385b3dcaa2ca0832e509dc82d52

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$02815385b3dcaa2ca0832e509dc82d52

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-17 11:15

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2013 04
Ran by Jeff at 2013-04-26 21:38:16 Run:
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WI3FA5L2
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader 9.5.2 MUI (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.14.0)
Ask Toolbar Updater (Version: 1.2.3.29495)
AVG 2013 (Version: 13.0.2639)
AVG 2013 (Version: 13.0.2899)
AVG 2013 (Version: 2013.0.2899)
AVG PC TuneUp (Version: 12.0.4000.104)
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.104)
AVG Security Toolbar (Version: 14.2.0.1)
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 5.0.1438.0)
Bing Bar Platform (Version: 5.0.1438.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink DVD Suite (Version: 7.0.3003)
CyberLink MediaShow (Version: 5.0.1616)
CyberLink PowerDVD 9 (Version: 9.0.1.4217)
CyberLink YouCam (Version: 3.0.2511)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Family Feud 3 (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Garmin Lifetime Updater (Version: 2.1.7)
Google Chrome (Version: 26.0.1410.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.1.0)
HP Games (Version: 1.0.2.5)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.1.5)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 4.0.39.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.9.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 11.0.2.26)
Java 7 Update 11 (Version: 7.0.110)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 26 (Version: 6.0.260)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2907)
LightScribe System Software (Version: 1.18.15.1)
McAfee Security Scan Plus (Version: 2.1.121.2)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Word 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 2.0.271.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2010 (Version: 14.0.4763.1000)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton 360 (Version: 5.2.2.3)
Peggle Deluxe
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
QuickTime (Version: 7.73.80.64)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6122)
REALTEK Wireless LAN Software (Version: 1.00.10.0329)
Recovery Manager (Version: 5.5.3023)
Roxio CinemaNow 2.0 (Version: 1.0.278)
RtVOsd (Version: 1.0.3)
Synaptics Pointing Device Driver (Version: 15.0.18.0)
Update Installer for WildTangent Games App
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinWay Resume Deluxe (Version: 11.00.017)
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points  =========================

06-04-2013 03:49:34 Scheduled Checkpoint
22-04-2013 07:45:25 Configured PowerStarter
22-04-2013 07:45:36 Configured MediaShow
22-04-2013 07:48:03 Configured LabelPrint
24-04-2013 04:03:15 Restore Operation
26-04-2013 02:44:45 Installed AVG PC TuneUp

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2013 07:49:30 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 528

Start Time: 01ce422762612108

Termination Time: 60000

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: bb46addb-ae1a-11e2-a5fb-643150623494

Error: (04/23/2013 08:08:01 PM) (Source: Application Hang) (User: )
Description: The program SystemPropertiesAdvanced.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01ce4098d1cd484c

Termination Time: 62

Application Path: C:\Windows\system32\SystemPropertiesAdvanced.exe

Report Id: 291ccb55-ac8c-11e2-badd-643150623494

Error: (04/22/2013 09:10:41 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a7c

Start Time: 01ce3fd7eaa06c9e

Termination Time: 63

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: b8f76ed3-abcb-11e2-bee7-643150623494

Error: (04/22/2013 00:49:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: setup.exe_InstallShield, version: 12.0.0.58851, time stamp: 0x45e5fc0e
Faulting module name: ISSetup.dll, version: 12.0.0.58851, time stamp: 0x45e5fbd0
Exception code: 0xc0000005
Fault offset: 0x00072e03
Faulting process id: 0x1374
Faulting application start time: 0xsetup.exe_InstallShield0
Faulting application path: setup.exe_InstallShield1
Faulting module path: setup.exe_InstallShield2
Report Id: setup.exe_InstallShield3

Error: (04/20/2013 03:53:52 AM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(53:47:479), Done:(53:52:596)

Error: (04/20/2013 03:50:22 AM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(50:17:777), Done:(50:22:894)

Error: (04/20/2013 03:50:17 AM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(50:12:582), Done:(50:17:761)

Error: (04/20/2013 03:50:09 AM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(50:04:280), Done:(50:09:350)

Error: (04/20/2013 03:50:03 AM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007006d

Error: (04/20/2013 03:49:46 AM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(49:41:98), Done:(49:46:168)

System errors:
=============
Error: (04/26/2013 09:30:22 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (04/26/2013 09:30:22 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (04/26/2013 09:29:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (04/26/2013 09:29:39 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/26/2013 09:29:26 PM) (Source: Service Control Manager) (User: )
Description: The AVG Firewall service terminated with service-specific error %%-536805289.

Error: (04/26/2013 09:29:25 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (04/26/2013 09:29:24 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (04/26/2013 09:29:24 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/26/2013 09:29:22 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error: (04/26/2013 09:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (04/25/2013 07:49:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7600.1638552801ce42276261210860000C:\Program Files (x86)\Internet Explorer\iexplore.exebb46addb-ae1a-11e2-a5fb-643150623494

Error: (04/23/2013 08:08:01 PM) (Source: Application Hang)(User: )
Description: SystemPropertiesAdvanced.exe6.1.7600.16385108401ce4098d1cd484c62C:\Windows\system32\SystemPropertiesAdvanced.exe291ccb55-ac8c-11e2-badd-643150623494

Error: (04/22/2013 09:10:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7600.16385a7c01ce3fd7eaa06c9e63C:\Program Files (x86)\Internet Explorer\iexplore.exeb8f76ed3-abcb-11e2-bee7-643150623494

Error: (04/22/2013 00:49:09 AM) (Source: Application Error)(User: )
Description: setup.exe_InstallShield12.0.0.5885145e5fc0eISSetup.dll12.0.0.5885145e5fbd0c000000500072e03137401ce3f2d5b3b0dabC:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exeC:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ISSetup.dll1cdff023-ab21-11e2-83c0-643150623494

Error: (04/20/2013 03:53:52 AM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(53:47:479), Done:(53:52:596)

Error: (04/20/2013 03:50:22 AM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(50:17:777), Done:(50:22:894)

Error: (04/20/2013 03:50:17 AM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(50:12:582), Done:(50:17:761)

Error: (04/20/2013 03:50:09 AM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(50:04:280), Done:(50:09:350)

Error: (04/20/2013 03:50:03 AM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007006d

Error: (04/20/2013 03:49:46 AM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(49:41:98), Done:(49:46:168)

CodeIntegrity Errors:
===================================
  Date: 2013-03-13 22:30:36.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 22:30:36.234
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 1978.82 MB
Available physical RAM: 667.28 MB
Total Pagefile: 3957.65 MB
Available Pagefile: 2140.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.64 GB) (Free:214.24 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.16 GB) (Free:2.48 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (GARMIN) (Removable) (Total:1.77 GB) (Free:0.41 GB) FAT32 (Disk=1 Partition=1)

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B        
  Disk 1    Online         1828 MB      0 B        
  Disk 2    No Media           0 B      0 B        

Partitions of Disk 0:
===============

Disk ID: 92636A50

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            280 GB   200 MB
  Partition 3    Primary             17 GB   280 GB
  Partition 4    Primary            103 MB   297 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    199 MB  Healthy    System (partition with boot components) 

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    280 GB  Healthy    Boot   

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   RECOVERY     NTFS   Partition     17 GB  Healthy           

=========================================================

Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         HP_TOOLS     FAT32  Partition    103 MB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           1828 MB      0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 298 GB) (Disk ID: 92636A50)
Partition 1: (Active) - (Size=199 MB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07) (NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

====================================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)



#6 Farbar

Posted 27 April 2013 - 04:09 AM

You have run FRST from an Internet Temporary folder. Please note that you should download FRST and save it to your desktop before running.
  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either AVG 2013 or Norton 360.
  • Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If needed the tool will reboot the system to finish the fix.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.



#7 jeffm518

Posted 27 April 2013 - 11:41 AM

Thank you for the help and I did that, but I am still getting pop-ups and my laptop will shut off after about 50 minutes of being on. (It is also 4 years old as well).



#8 Farbar

Posted 27 April 2013 - 05:31 PM

I will tell you when we are done. This process of malware removal could take a while depending on how far you can follow the instructions.

Please do as requested and provide me with what you are asked to provide.



#9 jeffm518

Posted 29 April 2013 - 02:43 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2013 04
Ran by Jeff at 2013-04-27 05:41:26 Run:1
Running from C:\Users\Jeff\Desktop
Boot Mode: Normal
==============================================

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-1726377485-510308449-175612054-1000\$02815385b3dcaa2ca0832e509dc82d52\n => File not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully.
C:\$Recycle.Bin\S-1-5-18\$02815385b3dcaa2ca0832e509dc82d52\n => File not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

Could not move C:\Windows\assembly\GAC_32\Desktop.ini. => Scheduled to move on reboot.
Could not move C:\Windows\assembly\GAC_64\Desktop.ini. => Scheduled to move on reboot.
C:\$Recycle.Bin\S-1-5-21-1726377485-510308449-175612054-1000\$02815385b3dcaa2ca0832e509dc82d52 moved successfully.
C:\$Recycle.Bin\S-1-5-18\$02815385b3dcaa2ca0832e509dc82d52 moved successfully.

=========== Result of Scheduled Files to move ===========
Could not move C:\Windows\assembly\GAC_32\Desktop.ini.
Could not move C:\Windows\assembly\GAC_64\Desktop.ini.

==== End of Fixlog ====



#10 Farbar

Posted 29 April 2013 - 05:36 AM

Please download the latest version of FRST, run it, press Scan and post the log it makes.



#11 jeffm518

Posted 29 April 2013 - 11:55 PM

I am not sure if this is the latest version of FRST; I just downloaded the links on this page, but I got this again:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-04-2013 02
Ran by Jeff at 2013-04-29 10:18:30 Run:2
Running from C:\Users\Jeff\Desktop
Boot Mode: Normal
==============================================

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-1726377485-510308449-175612054-1000\$02815385b3dcaa2ca0832e509dc82d52\n => File not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully.
C:\$Recycle.Bin\S-1-5-18\$02815385b3dcaa2ca0832e509dc82d52\n => File not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

Could not move C:\Windows\assembly\GAC_32\Desktop.ini. => Scheduled to move on reboot.
Could not move C:\Windows\assembly\GAC_64\Desktop.ini. => Scheduled to move on reboot.
C:\$Recycle.Bin\S-1-5-21-1726377485-510308449-175612054-1000\$02815385b3dcaa2ca0832e509dc82d52 => File not found.
C:\$Recycle.Bin\S-1-5-18\$02815385b3dcaa2ca0832e509dc82d52 => File not found.

=========== Result of Scheduled Files to move ===========
Could not move C:\Windows\assembly\GAC_32\Desktop.ini.
Could not move C:\Windows\assembly\GAC_64\Desktop.ini.

==== End of Fixlog ====



#12 Farbar

Posted 30 April 2013 - 02:17 AM

Before proceeding I would like to request you to read the instruction carefully before carrying it out. This is to prevent doing harm to your system.

This was my post:

Please download the latest version of FRST, run it, press Scan and post the log it makes.

No harm was done; you ran the fix once more. Please run the scan and post the fresh log.



#13 jeffm518

Posted 30 April 2013 - 09:42 PM

I apologize if I am doing this wrong, I am not very good with computers. I ran it again but for some reason it will not find it when I try to fix it, so this pops up when I ran it.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2013 01
Ran by Jeff (administrator) on 30-04-2013 19:40:42
Running from C:\Users\Jeff\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKLM - {3466FAF9-4F32-4E04-A647-7D60C101D440} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {6F017545-F2B2-4B54-8D91-DF52937F102E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {F9C4E365-FA74-4844-90C4-BF56BCCBFA72} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {3466FAF9-4F32-4E04-A647-7D60C101D440} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {6F017545-F2B2-4B54-8D91-DF52937F102E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {F9C4E365-FA74-4844-90C4-BF56BCCBFA72} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {3466FAF9-4F32-4E04-A647-7D60C101D440} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {6F017545-F2B2-4B54-8D91-DF52937F102E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2F8C2821-6D00-46F8-9851-7BE85AB40C85}&mid=2be28263563347d09d2eb5781686dd67-547ee5186b3c18f3ea7c99382a5b353053af8c8f&lang=en&ds=AVG&pr=pr&d=2013-01-16 15:31:51&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A775ECB3-729A-41DD-88DD-F21D12236511} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=A06E5B06-E385-4F1D-B4DF-BBA93D00DD0B&apn_sauid=8D1ED4B3-8C0B-4EAF-A73A-BEB0D017891E
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
SearchScopes: HKCU - {F9C4E365-FA74-4844-90C4-BF56BCCBFA72} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)



#14 Farbar

Posted 01 May 2013 - 03:02 AM

You don't need to run the fix, so there is no need to press the Fix button. The log you have posted is not complete. If you find it difficult to copy and paste the log you may attach it to your post.



#15 Farbar

Posted 05 May 2013 - 10:00 AM

Are you still there?





