
please help with trojan backdoor 17


  • This topic is locked
3 replies to this topic

#1 tammala

Posted 05 August 2013 - 03:58 PM

Mod Edit: Moved to proper forum ~~ boopme

I am not at all good with computers but my computer is infected with the trojan backdoor 17 virus and I cannot remove it. I did run some kind of scan that I saw on this forum and pasted results below if that helps. It would be so helpful if someone knows anything about removal :( THANKS
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013
Ran by herricks (administrator) on 05-08-2013 13:44:24
Running from C:\Users\herricks\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [13789728 2009-06-06] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [ITSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [2068480 2009-07-24] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-04-01] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-05] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4192467120-2439554175-2073552175-1000\$a8000d736ba2f71c10f452d4aca4cdd0\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {01a933ab-ee00-11e0-afa6-89deda97b58a} - G:\setup.exe -a
MountPoints2: {58f70502-75f2-11e0-aa33-90cadc462e90} - F:\iStudio.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\herricks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://m.www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig
SearchScopes: HKCU - {033DF326-AD16-4755-8377-4E8334E18BD9} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={758A4ACF-631E-4984-8B4A-6786A8E4587A}&mid=1525af4775b9455495cb5c58fa4b9e18-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=us&ds=AVG&pr=fr&d=2013-01-30 13:09:40&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {B1D63494-F151-44ED-05FF-39F2940B4E3C} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU -Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKCU -No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.)
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-07-29] (AVG Technologies)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-05 13:44 - 2013-08-05 13:44 - 00000000 ____D C:\FRST
2013-08-05 13:43 - 2013-08-05 13:44 - 01228808 _____ (Farbar) C:\Users\herricks\Desktop\FRST.exe
2013-07-29 19:55 - 2013-07-29 19:57 - 00000302 _____ C:\Users\herricks\Desktop\avgrep.txt
2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2013-07-16 16:44 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-16 16:44 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-16 16:44 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-16 16:44 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-16 16:44 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-16 16:44 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-16 16:44 - 2013-06-11 16:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-16 16:44 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-16 16:44 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-16 16:44 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-16 16:44 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-16 16:44 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-16 16:44 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-16 16:44 - 2013-06-11 16:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-16 16:44 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-16 16:44 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-15 15:47 - 2013-07-15 15:47 - 00141618 _____ C:\Windows\PFRO.log
2013-07-15 13:50 - 2013-06-04 20:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-15 13:50 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-15 13:50 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-15 13:50 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-15 13:42 - 2013-07-15 13:42 - 00000000 ____D C:\Users\herricks\AppData\Roaming\AVG2013
2013-07-15 13:40 - 2013-07-30 13:10 - 00000905 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-15 13:40 - 2013-07-15 13:40 - 00000000 ____D C:\Users\herricks\AppData\Roaming\TuneUp Software
2013-07-15 13:37 - 2013-07-15 13:41 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-15 13:34 - 2013-07-29 19:55 - 00000000 ____D C:\Users\herricks\AppData\Local\Avg2013
2013-07-15 13:34 - 2013-07-15 13:34 - 00000000 ____D C:\Users\herricks\AppData\Local\MFAData
2013-07-10 01:32 - 2013-07-10 01:32 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2013-07-09 16:42 - 2013-07-09 16:42 - 00000000 ____D C:\Program Files\GUM665F.tmp
2013-07-07 11:26 - 2013-07-07 11:26 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-07 11:26 - 2013-07-07 11:26 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-07 11:26 - 2013-07-07 11:26 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-07 11:26 - 2013-07-07 11:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-07 11:26 - 2013-07-07 11:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-07 11:23 - 2013-07-08 20:44 - 00006571 _____ C:\Windows\IE10_main.log
==================== One Month Modified Files and Folders =======
2013-08-05 14:17 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-05 13:44 - 2013-08-05 13:44 - 00000000 ____D C:\FRST
2013-08-05 13:44 - 2013-08-05 13:43 - 01228808 _____ (Farbar) C:\Users\herricks\Desktop\FRST.exe
2013-08-05 13:43 - 2009-09-10 05:46 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 13:40 - 2013-05-21 20:50 - 00000000 ___SD C:\Users\herricks\Google Drive
2013-08-05 13:40 - 2009-12-19 14:54 - 00000000 ____D C:\Users\herricks\Tracing
2013-08-05 13:39 - 2013-06-19 14:35 - 00000448 _____ C:\Windows\setupact.log
2013-08-05 13:39 - 2013-06-07 16:57 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-05 13:39 - 2012-01-05 19:44 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-05 13:39 - 2011-01-17 18:08 - 00000000 ____D C:\Program Files\Yontoo Layers Client
2013-08-05 13:39 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 13:37 - 2013-06-27 14:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 13:31 - 2009-07-13 21:34 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 13:31 - 2009-07-13 21:34 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 13:27 - 2009-10-27 15:03 - 01902621 _____ C:\Windows\WindowsUpdate.log
2013-08-05 13:00 - 2010-10-18 12:43 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 12:55 - 2012-01-05 19:44 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-03 15:54 - 2009-10-27 15:30 - 00000000 ____D C:\Users\herricks\AppData\Roaming\ArcSoft
2013-07-30 13:10 - 2013-07-15 13:40 - 00000905 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-29 19:57 - 2013-07-29 19:55 - 00000302 _____ C:\Users\herricks\Desktop\avgrep.txt
2013-07-29 19:55 - 2013-07-15 13:34 - 00000000 ____D C:\Users\herricks\AppData\Local\Avg2013
2013-07-29 19:50 - 2013-06-19 13:31 - 00000000 ____D C:\ProgramData\PCPitstop
2013-07-29 19:50 - 2013-06-19 13:31 - 00000000 ____D C:\Program Files\PCPitstop
2013-07-29 19:50 - 2013-01-30 14:09 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-07-29 19:49 - 2013-02-27 20:35 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2013-07-18 17:13 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-16 17:08 - 2009-07-13 21:33 - 00344544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 17:06 - 2009-10-27 15:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 17:05 - 2009-09-10 06:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 17:05 - 2009-07-13 21:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 16:39 - 2009-10-29 20:06 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-16 16:38 - 2009-09-10 05:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-15 17:32 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2013-07-15 15:47 - 2013-07-15 15:47 - 00141618 _____ C:\Windows\PFRO.log
2013-07-15 14:04 - 2010-06-07 19:05 - 00000000 ____D C:\Program Files\AVG
2013-07-15 13:42 - 2013-07-15 13:42 - 00000000 ____D C:\Users\herricks\AppData\Roaming\AVG2013
2013-07-15 13:41 - 2013-07-15 13:37 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-15 13:40 - 2013-07-15 13:40 - 00000000 ____D C:\Users\herricks\AppData\Roaming\TuneUp Software
2013-07-15 13:39 - 2010-12-01 10:52 - 00000000 ___HD C:\$AVG
2013-07-15 13:34 - 2013-07-15 13:34 - 00000000 ____D C:\Users\herricks\AppData\Local\MFAData
2013-07-10 01:32 - 2013-07-10 01:32 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2013-07-09 16:43 - 2010-10-25 08:59 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-07-09 16:42 - 2013-07-09 16:42 - 00000000 ____D C:\Program Files\GUM665F.tmp
2013-07-08 20:44 - 2013-07-07 11:23 - 00006571 _____ C:\Windows\IE10_main.log
2013-07-07 11:26 - 2013-07-07 11:26 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-07 11:26 - 2013-07-07 11:26 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-07 11:26 - 2013-07-07 11:26 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-07 11:26 - 2013-07-07 11:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-07 11:26 - 2013-07-07 11:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-07 11:26 - 2013-07-07 11:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-07 11:26 - 2013-07-07 11:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4192467120-2439554175-2073552175-1000\$a8000d736ba2f71c10f452d4aca4cdd0
Files to move or delete:
====================
C:\Users\herricks\g2ax_customer_downloadhelper_win32_x86.exe
C:\Windows\Tasks\At1.job
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-03 13:13
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-08-2013
Ran by herricks at 2013-08-05 13:45:54
Running from C:\Users\herricks\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
 Update for Microsoft Office 2007 (KB2508958)
360Share Pro(remove only)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader 9.5.3 (Version: 9.5.3)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.10.65)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 3.0.255.331)
ArcSoft WebCam Companion 3 (Version: 3.0.32.134)
Atari Breakout (Version: 1.0)
Atari Classics Evolved-Breakout
Atari Classics Evolved-Breakout (Version: 1.0)
AVG 2013 (Version: 13.0.3209)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
AVG PC Tuneup 2011 (Version: 10.0.0.22)
AVG Security Toolbar (Version: 15.4.0.5)
Bluetooth Stack for Windows by Toshiba (Version: v7.00.05)
Bonjour (Version: 2.0.5.0)
BurnRecovery (Version: 3.0.908.2201)
CCleaner (Version: 3.05)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
Free Window Registry Repair
Google Drive (Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 39 (Version: 6.0.390)
Junk Mail filter update (Version: 14.0.8050.1202)
LeapFrog Connect (Version: 4.2.14.16426)
LeapFrog Leapster Explorer Plugin (Version: 4.2.13.16151)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MotoConnect (Version: 1.1.25)
Motorola Driver Installation 4.6.0 (Version: 4.6.0)
Move Media Player
MSI Software Install (Version: 3.0.908.2001)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 1.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
Search Toolbar (Version: 1.2)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
System Control Manager (Version: 2.209.0724.004.10)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Family Safety (Version: 14.0.8052.1208)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
WinRAR archiver
Yontoo Layers Client 1.10.01 (Version: 1.10.01)
 
==================== Restore Points  =========================
31-07-2013 01:06:37 Scheduled Checkpoint
==================== Hosts content: ==========================
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {29A94CEB-D6B0-4C7B-876E-4E1C30A37379} - System32\Tasks\5040 => C:\Windows\System32\wscript.exe [2009-07-13] (Microsoft Corporation)
Task: {46654589-63A6-4DCE-895F-ADDC615E5DB7} - System32\Tasks\At1 => C:\Windows\System32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {47449A59-B1F0-4B2A-B2A2-D93939FDA31A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {4BA5F8B3-9EDF-4D19-8DC1-2C24033238AA} - System32\Tasks\MyCleanPC Registry Cleaner => C:\Program Files\CyberDefender\Registry Scanner\CDregclean.exe No File
Task: {6D053452-5725-4E89-ACD3-74F4205A611F} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {771950C7-5C3D-42B6-88B0-4F563F55295A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {87F12A94-7476-44E5-A2A2-D5D07892F2BB} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{2D746FF7-C712-44B0-86CC-DC1DC98676C4}.exe No File
Task: {914FE1BA-02A4-426C-891F-7ACD05CD5242} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9A0517D-F9FB-4A14-AD1F-86A4E7769AFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {E716DF82-740E-4F3D-949F-36F7AFBB1BED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => –¥FAH¢æòhfD$jFa<
 sà!Û ,,
rundll32.exePadvpack.dll,DelNodeRunDLL32 C:\Users\herricks\AppData\Local\Temp\MSI8CE2.tmp,14SYSTEMCreated by NetScheduleJobAdd.0Û ,twar;~È›<¾±–ÁX?pÜéØk_>Cïðµ7<JŸ‹Õ.#î`%׳êR&®cÁ“í㾂+?ËôOЩ?-
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{2D746FF7-C712-44B0-86CC-DC1DC98676C4}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2013 03:54:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc9c
Faulting application start time: 0xACDaemon.exe0
Faulting application path: ACDaemon.exe1
Faulting module path: ACDaemon.exe2
Report Id: ACDaemon.exe3
Error: (08/03/2013 03:54:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: ArcCon.ac, version: 1.1.0.48, time stamp: 0x4c748cdb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xcb4
Faulting application start time: 0xArcCon.ac0
Faulting application path: ArcCon.ac1
Faulting module path: ArcCon.ac2
Report Id: ArcCon.ac3
Error: (07/24/2013 06:09:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16635, time stamp: 0x51b7a921
Faulting module name: AcroRd32.dll_unloaded, version: 0.0.0.0, time stamp: 0x50d1cc1f
Exception code: 0xc0000005
Fault offset: 0x58b0230f
Faulting process id: 0x1b1c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (06/27/2013 02:15:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: InstallFlashPlayer.exe, version: 11.0.1.152, time stamp: 0x4e7d1453
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002e7960
Faulting process id: 0x35e0
Faulting application start time: 0xInstallFlashPlayer.exe0
Faulting application path: InstallFlashPlayer.exe1
Faulting module path: InstallFlashPlayer.exe2
Report Id: InstallFlashPlayer.exe3
Error: (06/14/2013 11:38:00 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16483 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 20fc
Start Time: 01ce692da7cad600
Termination Time: 84
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (06/14/2013 11:31:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (06/14/2013 11:31:00 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (06/08/2013 01:01:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (06/08/2013 01:01:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (06/01/2013 11:54:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
System errors:
=============
Error: (08/05/2013 01:39:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:36:57 PM on ‎8/‎5/‎2013 was unexpected.
Error: (07/29/2013 07:55:58 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:55 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:55 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (07/29/2013 07:55:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 2815.24 MB
Available physical RAM: 1382.08 MB
Total Pagefile: 5628.77 MB
Available Pagefile: 3909.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.75 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:89.15 GB) (Free:14.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:133.73 GB) (Free:126.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 51CCF600)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=89 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Edited by boopme, 05 August 2013 - 07:44 PM.




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:14 PM

Posted 07 August 2013 - 03:44 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download a new version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,
Georgi




#3 B-boy/StyLe/


Posted 11 August 2013 - 01:36 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.


Regards,
Georgi




#4 B-boy/StyLe/


Posted 14 August 2013 - 12:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
